Solved

Multi-WAN network ?

Posted on 2009-05-05
Last Modified: 2012-05-06
Hi guys,

I'm having trouble defining the possibility of a multi-WAN network proposed by an IT solution company since I'm no CISCO Geek.
Our company has offices all over the world (US, India, China), all connected in a "World WAN" so we can access certain resources in other countries. IP: 10.x.x.x for each country

In US (IP: 10.149.x.x), the company has several offices (NY, LA, San Francisco, New Jersey), only New York (10.148.5.x) is connected to the World WAN now. We were proposed a solution of connecting all US offices into a smaller network called "American WAN" so we can share resources between offices in US and also be able to access World WAN from anywhere. What I wonder is
- Is this network possible?
- Can one firewall handle both WANs, and is it easy to configure this?
- Is it possible for all US offices to access resources from World WAN, and can this be defined by ASA firewall configuration?
- What should play the role of DHCP here ?

Any advice will be very much appreciated.
question.jpg
Question by:Johnny_Nguyen

Accepted Solution

by:
Quori earned 500 total points
ID: 24311968
Yes, it is. Very sparse on details there, however either via IPSec site-to-site VPN or a layer 2 VPN service (MPLS/VPLS, etc) it is possible.

Yes, it could support any number of 'WANs' you like - it is simply a matter of configuring each terminating interface appropriately. The ease of this is going to vary depending on access restrictions, etc.

What resources are they offering? If you're talking files and things of that nature, then you'd be best off with DFS.

DHCP would only be used for access devices to obtain an IP address at each site. You wouldn't deploy it right across both WANs.

Author Comment

by:Johnny_Nguyen
ID: 24312205
Hi Quori, a clear picture can be seen by clicking on the attached file or here http://www.experts-exchange.com/images/135955/question.jpg

The problem here is that: The World WAN is there now already, I don't control it, they give us a subnet 10.149.x.x. Resources on WORLD WAN are intranet, library and email.

Our job is to build this American WAN and connect all US offices together rather than just US Head Office in New York. All US offices share some virtual applications deployed at head office New York, but this won't be accessible to any other country.

Now I wonder how to configure the Firewall to support this, do you have any doco on the ASA Firewall?
And did I draw the diagram correctly?

Expert Comment

by:Quori
ID: 24331184
When I get time I can provide some config for getting this sorted out. Do the other offices have any existing connectivity?

You may want to look into an MPLS-VPN solution to tie all your US-based sites together, then from the head office (which would be a transit point for the remote offices to get to 'world wan') set up appropriate connectivity into world wan. Or if there is existing connectivity we could set up site-to-site VPNs between your remote offices and the head office.

Author Comment

by:Johnny_Nguyen
ID: 24332503
At the moment we only have separate internet at each US office. And MPLS-VPN is what they offer for the American WAN. And I reckon MPLS is probably the better choice than site to site since these US offices need to communicate with each other as well rather than always having to go thru head office.

Imagine we have MPLS-VPN WAN in place now in US, do we connect head office to World WAN like the way I drew there (thru the same firewall, to a different CISCO Router)? This has been on my mind for quite some time. In that case, how do we configure the Firewall to understand the difference between World WAN and American WAN and route them properly as desired?

Expert Comment

by:Quori
ID: 24332561
World WAN would have its own subnets. You can run a dynamic routing protocol. The 'world WAN' would have its own interface on the ASA. You can use an MPLS-VPN provider for this or again, site-to-site. If you are wanting to filter the traffic going to the world wan, then you could just terminate it into the ASA.

Even if there are two different providers, it is fine. Just need the two providers to come into the building with the central set of equipment.
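The design described in the answer above, modelled as an added example (not part of the original thread, and a Python model rather than ASA configuration): the firewall picks the egress interface by longest-prefix match on the destination, then an ordered, default-deny rule list decides whether the flow is allowed. Interface names, site subnets and rules are assumptions; the thread only gives 10.x.x.x for the World WAN and 10.149.x.x for the US.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
ROUTES = [  # (destination prefix, egress interface on the head-office firewall)
    ("10.0.0.0/8",    "worldwan"),  # aggregate covering every other country
    ("10.149.0.0/16", "uswan"),     # US offices reached over the MPLS-VPN
    ("10.149.5.0/24", "inside"),    # New York head-office LAN
    ("10.149.6.0/24", "apps"),      # virtual applications hosted in New York
]

# Ordered rules, first match wins, anything unmatched is denied.
# Only the connection initiator is evaluated, as on a stateful firewall.
RULES = [  # (source prefix, destination prefix, action)
    ("10.149.0.0/16", "10.149.6.0/24", "permit"),  # US offices -> NY apps
    ("10.0.0.0/8",    "10.149.6.0/24", "deny"),    # other countries -> NY apps
    ("10.149.0.0/16", "10.0.0.0/8",    "permit"),  # US -> intranet, library, email
]

def _net(prefix):
    return ipaddress.ip_network(prefix)

def egress(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(_net(p), ifc) for p, ifc in ROUTES if addr in _net(p)]
    if not matches:
        return None  # no route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def decide(src, dst):
    """Return (egress interface, action) for a new connection src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    action = "deny"  # implicit deny at the end of the rule list
    for src_p, dst_p, act in RULES:
        if s in _net(src_p) and d in _net(dst_p):
            action = act
            break
    return egress(dst), action

if __name__ == "__main__":
    flows = [
        ("10.149.20.7", "10.149.6.10"),  # LA office -> NY apps
        ("10.20.1.1",   "10.149.6.10"),  # overseas host -> NY apps
        ("10.149.5.30", "10.20.1.1"),    # NY user -> World WAN resource
        ("10.20.1.1",   "10.149.5.30"),  # overseas host -> NY LAN
    ]
    for src, dst in flows:
        print(src, "->", dst, decide(src, dst))
```

Because 10.149.0.0/16 is more specific than 10.0.0.0/8, US destinations never leak onto the World WAN interface even though both ranges sit inside 10.x.x.x.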

Expert Comment

by:Quori
ID: 24332568
This is all very basic design, and I can't help much because there are just too many ways to do it. And if you don't have full authority over your networks then it is moot until an agreement is reached on design with those who control the world wan.

Once that is set up, we can talk about routing policies to their side of things as well as thinking about what services to filter.

Author Comment

by:Johnny_Nguyen
ID: 24332584
Thanks very much for your helpful information