I have a new AT&T ADI circuit being installed to replace a cable connection. At the same time I'm replacing a very ancient ASA with an SRX. The ASA has to stay in place past the day when the circuit is live.
I can do this with a switch between the circuit and both firewalls, but then I lose shaping ability. I am thinking of asking AT&T for a "routed handoff" and a /28, and using the SRX to split off half of the /28 for the ASA to use.
What I'm proposing is this topology. I can't see a reason why this shouldn't work, and I'm going to lab out what I can with spare equipment - but are there any gotchas I should look out for? It's only a 50Mb circuit so performance should not be an issue.
No comments:
Post a Comment