| ISP Router | Upstream BGP Peer | Outside/WAN | G0/0 | 203.0.113.1 | 65401 | Provides internet transit/BGP peering. |
| Edge Router | WAN/ | Outside/WAN | G0/0 | 203.0.113.2 | 65001 | BGP peering with ISP, default route for lab. |
| Firewall (ASA) | Security Gateway | Outside/WAN | G0/0 | 203.0.113.3 | 65001 | Enforces perimeter security, NAT, ACLs. |
| Firewall (ASA) | Security Gateway | Inside | G0/1 | 192.168.200.1 | 65001 | Segments internal network, controls access. |
| Firewall (ASA) | Security Gateway | DMZ | G0/2 | 172.16.10.1 | 65001 | Segments DMZ, controls DMZ access. |
| Core Router | Internal Routing | Inside | G0/0 | 192.168.200.2 | 65001 | Routes traffic between LAN and firewall. |
| Core Router | LAN Gateway | LAN | G0/1 | 192.168.20.1 | 65001 | Default gateway for LAN devices. |
| On-Prem Switch | Layer 2 Switch | LAN | — | — | — | Connects LAN devices at Layer 2. |
| Workstation 1 | User/Management | LAN | eth0 | 192.168.20.10 | — | Management/admin tasks. |
| Workstation 2 | User/Monitoring | LAN | eth0 | 192.168.20.11 | — | Network monitoring and analysis. |
| Workstation 3 | User/Testing | LAN | eth0 | 192.168.20.12 | — | Security/penetration testing. |
| DMZ Switch | Layer 2 Switch | DMZ | — | — | — | Connects DMZ servers at Layer 2. |
| DNS Server | DMZ Server | DMZ | eth0 | 172.16.10.10 | — | Provides DNS services to DMZ/public. |
| Web Server | DMZ Server | DMZ | eth0 | 172.16.10.20 | — | Hosts public web services. |
| Mail Server | DMZ Server | DMZ | eth0 | 172.16.10.30 | — | Handles email for DMZ/public. |
| Proxy Server | DMZ Server | DMZ | eth0 | 172.16.10.40 | — | Provides proxy services for DMZ/public. |