Solved

Multi-WAN network ?

Posted on 2009-05-05
Last Modified: 2012-05-06
Hi guys,

I'm having trouble defining the possibility of a multi-WAN network proposed by an IT solution company since I'm no CISCO Geek.
Our company has offices all over the world (US, India, China), all connected in a "World WAN" so we can access certain resources in other countries. IP: 10.x.x.x for each country

In US (IP: 10.149.x.x), the company has several offices (NY, LA, San Francisco, New Jersey), only New York (10.148.5.x) is connected to the World WAN now. We were proposed a solution of connecting all US offices into a smaller network called "American WAN" so we can share resources between offices in US and also be able to access World WAN from anywhere. What I wonder is
- Is this network possible?
- Can one firewall handle both WANs, and is it easy to configure this?
- Is it possible for all US offices to access resources from World WAN, and can this be defined by ASA firewall configuration?
- What should play the role of DHCP here?

Any advice will be very much appreciated.
question.jpg
Question by:Johnny_Nguyen
 
LVL 13

Accepted Solution

by:
Quori earned 500 total points
ID: 24311968
Yes, it is. Very sparse on details there, however either via IPSec site-to-site VPN or a layer 2 VPN service (MPLS/VPLS, etc) it is possible.

Yes, it could support any number of 'WANs' you like - it is simply a matter of configuring each terminating interface appropriately. The ease of this is going to vary depending on access restrictions, etc.

What resources are they offering? If you're talking files and things of that nature, then you'd be best off with DFS.

DHCP would only be used for access devices to obtain an IP address at each site. You wouldn't deploy it right across both WANs.
 
LVL 1

Author Comment

by:Johnny_Nguyen
ID: 24312205
Hi Quori, a clear picture can be seen by clicking on the attached file or here http://www.experts-exchange.com/images/135955/question.jpg

The problem here is that: The World WAN is there now already, I don't control it, they give us a subnet 10.149.x.x. Resources on WORLD WAN are intranet, library and email.

Our job is to build this American WAN and connect all US offices together rather than just US Head Office in New York. All US offices share some virtual applications deployed at head office New York, but this won't be accessible to any other country.

Now I wonder how to configure the Firewall to support this, do you have any doco on the ASA Firewall ?
And did I draw the diagram correctly ?
 
LVL 13

Expert Comment

by:Quori
ID: 24331184
When I get time I can provide some config for getting this sorted out. Do the other offices have any existing connectivity?

You may want to look into an MPLS-VPN solution to tie all your US-based sites together, then from the head office (which would be a transit point for the remote offices to get to 'world wan') set up appropriate connectivity into world wan. Or if there is existing connectivity we could set up site-to-site VPNs between your remote offices and the head office.
 
LVL 1

Author Comment

by:Johnny_Nguyen
ID: 24332503
At the moment we only have separate internet at each US office. And MPLS-VPN is what they offer for the American WAN. And I reckon MPLS is probably the better choice than site to site since these US offices need to communicate to each other as well rather than always have to go thru head office.

Imagine we have MPLS-VPN WAN in place now in US, do we connect head office to World WAN like the way I drew there (thru the same firewall, to a different CISCO Router)? This has been on my mind for quite some time. In that case, how do we configure the Firewall to understand the difference between World WAN and American WAN and route them properly as desired?
 
LVL 13

Expert Comment

by:Quori
ID: 24332561
World WAN would have its own subnets. You can run a dynamic routing protocol. The 'world WAN' would have its own interface on the ASA. You can use an MPLS-VPN provider for this or again, site-to-site. If you are wanting to filter the traffic going to the world wan, then you could just terminate it into the ASA.

Even if there are two different providers, it is fine. Just need the two providers to come into the building with the central set of equipment.
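
A sketch of the layout discussed in this answer, added here as an example and not part of the original post or taken from the asker's network: one ASA at the New York head office with a separate interface per WAN, static routes standing in for a dynamic routing protocol, and filtering on the World WAN side. The interface names, hardware numbering, 10.148.5.1 as the inside address, and the 192.0.2.x / 198.51.100.x link and next-hop addresses are constructed placeholders; the 10.x ranges are the ones given in the question.

```cisco
! Constructed example for an ASA at the New York head office.
! Interface names, link addresses and next hops are placeholders.
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.148.5.1 255.255.255.0
!
interface Ethernet0/1
 nameif us-wan
 security-level 50
 ip address 192.0.2.2 255.255.255.252
!
interface Ethernet0/2
 nameif world-wan
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
! Longest-prefix match separates the two WANs: the US /16 wins over the
! World WAN /8 for any 10.149.x.x destination.
route us-wan 10.149.0.0 255.255.0.0 192.0.2.1
route world-wan 10.0.0.0 255.0.0.0 198.51.100.1
!
! US offices may reach the New York LAN and, through the ASA, the World WAN.
! 10.148.5.0/24 falls inside 10.0.0.0/8, so one entry covers both.
! Narrow "ip" to the application ports once they are known.
access-list US_WAN_IN extended permit ip 10.149.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-group US_WAN_IN in interface us-wan
!
! Nothing initiated from the World WAN reaches US networks, which keeps the
! New York virtual applications private to the US offices. Replies to
! sessions opened from the US side still pass via stateful inspection.
access-list WORLD_WAN_IN extended deny ip any any log
access-group WORLD_WAN_IN in interface world-wan
!
! Drop packets arriving on world-wan that claim a US source address.
ip verify reverse-path interface world-wan
```

The explicit deny on `world-wan` matches what security level 0 already does by default; writing it out adds logging and makes the intent visible to whoever reviews the configuration with the World WAN operators.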
 
LVL 13

Expert Comment

by:Quori
ID: 24332568
This is all very basic design, and I can't help much because there are just too many ways to do it. And if you don't have full authority over your networks then it is moot until an agreement is reached on design with those who control the world wan.

Once that is set up, we can talk about routing policies to their side of things as well as thinking about what services to filter.
 
LVL 1

Author Comment

by:Johnny_Nguyen
ID: 24332584
Thanks very much for your helpful information