Adding a stub network design question 1

[derf238]

The basic home office topology – perimeter router to internet – PIX 515E – switch- hosts. Now we add a branch office as a stub network with a point-to-point circuit. We’ll add an inside router at the home office and static route between serial 0 and the router in the branch. Is it at all advisable to then go from E0 in the inside router to the switch and leave the Pix as is on the switch or should I have E0 go to the switch for the LAN and add an interface to the router and move the PIX to E1?
Thanks in advance

 

[lgarner]

Personally, I'd move the Pix to E1.

home -- router -- pix -- internet
remote ---|

Really, it will work fine either way. This option eliminates the icmp redirect traffic, or the need for routing tables on the workstations.

 

[derf238]

lgarner - Thanks, could you give me some details on icmp redirect and routing table on the workstations?
Thanks

 

[lgarner]

If the Pix inside i/f and the router are on the same segment as the workstations, then the workstations need to know how to get to each network (the remote office and the internet).

For example, assuming that the w/s default route is the router. For internet access, the traffic can
1. relay off the router, with the router telling the w/s to talk to Pix for subsequent requests to that network (icmp redirect)
2. always relay off the router if icmp redirect is disabled there.

or, the workstation can
1. maintain the remote office's network in their routing tables
2. use RIP to learn the routes.

I think that any scenario involving the Pix, the router and the workstations all on the same segment increases complexity. If all traffic goes to the router and the router makes the decisions, it's simpler. It could also be more flexible in case you want to add new remote offices, or VPN backup to the WAN.

 

[derf238]

Thanks for the info!!