Choosing the better network Topology

Hi everyone,
Im doing some planning my new SOHO and im having some toughts on what is the better topology.

Basically there are three main devices, a catalyst 2960G 24port switch, a 2901 router and an ASA5510 IPS/IDS.

I was wondering should i connect them like that:

1.
<PC>->(SWITCH)->(ROUTER)->(FIREWALL)->(CABLE MODEM)

or just connect everything to a switch and separate them on different vlans like that:
(SW)V2->ROUTER->V3(SW)V3->FIREWALL->V4(SW)V4->CABLE MODEM

In that way i have a star topology and not a chain line like in exibit 1.

Any toughts on that? Basically i need VPN Tunnels to my worplace, secure access from the internet to my storage server and prevent script kiddies/lamers/crackers (the serious kind) getting into my network.

Hey einklienermench,

could you please show both ways in a graphical representation? It will be easier to argue about both ways later on.

-chrnxR

Fig1:

Fig2:


What do you think?
My biggest concern are actual penetrations rather than brute force Dos/DDos Botnet attacks.

Any idea guys?

Hey,

First of all... i think your network like you showed it in Fig1 would be fine. Cause i think if youre really setting up your home office then this should do the job. Another reason why i wouldnt go to far with this stuff is because troubleshooting will later become a real pain (in my opinion).

Let's compare the graphics a bit.
In Fig1 you assigned every componnent in Line which costs less installation work, less configuration work,.....small and simple, thats good.

In Fig2 you assigned every componnent in a star topology(physically)...and then you configured it to be in line(logically) like in Fig1 which takes a lot of work.

so basically Fig2 is the same as Fig1 just way more complicated, maybe even more unsafe and causes a slower network.

I think you should go for Fig1 and if you really really really really want to improve you can still use subnetting. Heres something for EXAMPLE:



Like in my graphic you can assign adresses 10.98.34.65/30 and 10.98.34.66/30 to subnet 1 and adresses 172.16.43.221/30 and 172.16.43.222/30 to subnet 2

einklienermench,

chrnxR's suggestion is pretty good. I think it would be more than adequate if you placed only the Firewall in front of your LAN. A properly configured ASA with IPS is more than enough to handle the traffic from your cable modem, terminate VPN sessions on it and create a DMZ zone to offer public services.

A lot of companies tend to use only routers without any firewall and do all the above on a single router, so I guess your in great shape!

If you have a second Internet connection at some point in the future, you can then place the router in front of the Firewall and perform policy based routing, so you can separate the traffic between your two Internet lines, with IP SLA for automatic Backup.

You can read more on IP SLA here:
www.firewall.cx/cisco-technical-knowledg...ter-ipsla-basic.html

And then move to IP SLA with Policy Based Routing:
www.firewall.cx/cisco-technical-knowledg...a-auto-redirect.html

Hope that helps!

Hello Guys according to my thinking before setting up a new network,it is important to have details about the topologies.A Topology is a sensible system framework.Think of a topology as a network's unique form or framework. This form does not actually match to the real framework of the gadgets on the system.There are 5 kinds of topology like bus,ring,star,tree,mesh.Thanks a lot for sharing!!