Multi-WAN network?

Hi guys,

I'm having trouble defining the possibility of a multi-WAN network proposed by an IT solution company since I'm no CISCO Geek.
Our company has offices all over the world (US, India, China), all connected in a "World WAN" so we can access certain resources in other countries. IP: 10.x.x.x for each country

In US (IP: 10.149.x.x), the company has several offices (NY, LA, San Francisco, New Jersey), only New York (10.148.5.x) is connected to the World WAN now. We were proposed a solution of connecting all US offices into a smaller network called "American WAN" so we can share resources between offices in US and also be able to access World WAN from anywhere. What I wonder is
- Is this network possible?
- Can one firewall be able to handle both WANs, is it easy to configure this?
- Is it possible for all US offices to access resources from World WAN, can this be defined by ASA firewall configuration?
- What should play the role of DHCP here?

Any advice will be very much appreciated.
question.jpg
Johnny_Nguyen Asked:
 
Quori Commented:
Yes, it is. Very sparse on details there, however either via IPSec site-to-site VPN or a layer 2 VPN service (MPLS/VPLS, etc) it is possible.

Yes, it could support any number of 'WANs' you like - it is simply a matter of configuring each terminating interface appropriately. The ease of this is going to vary depending on access restrictions, etc.

What resources are they offering? If you're talking files and things of that nature, then you'd be best off with DFS.

DHCP would only be used for access devices to obtain an IP address at each site. You wouldn't deploy it right across both WANs.
0
 
Johnny_Nguyen (Author) Commented:
Hi Quori, a clear picture can be seen by clicking on the attached file or here http://www.experts-exchange.com/images/135955/question.jpg

The problem here is that: The World WAN is there now already, I don't control it, they give us a subnet 10.149.x.x. Resources on WORLD WAN are intranet, library and email.

Our job is to build this American WAN and connect all US offices together rather than just US Head Office in New York. All US offices share some virtual applications deployed at head office New York, but this won't be accessible to any other country.

Now I wonder how to configure the Firewall to support this, do you have any doco on the ASA Firewall?
And did I draw the diagram correctly?
0
 
Quori Commented:
When I get time I can provide some config for getting this sorted out. Do the other offices have any existing connectivity?

You may want to look into an MPLS-VPN solution to tie all your US-based sites together, then from the head office (which would be a transit point for the remote offices to get to 'world wan') set up appropriate connectivity into world wan. Or if there is existing connectivity we could set up site-to-site VPNs between your remote offices and the head office.
0
 
Johnny_Nguyen (Author) Commented:
At the moment we only have separate internet at each US office. And MPLS-VPN is what they offer for the American WAN. And I reckon MPLS is probably the better choice than site to site since these US offices need to communicate to each other as well rather than always have to go thru head office.

Imagine we have MPLS-VPN WAN in place now in US, do we connect head office to World WAN like the way I drew there (thru the same firewall, to a different CISCO Router)? This has been on my mind for quite some time. In that case, how do we configure the Firewall to understand the difference between World WAN and American WAN and route them properly as desired?
0
 
Quori Commented:
World WAN would have its own subnets. You can run a dynamic routing protocol. The 'world WAN' would have its own interface on the ASA. You can use an MPLS-VPN provider for this or again, site-to-site. If you are wanting to filter the traffic going to the world wan, then you could just terminate it into the ASA.

Even if there are two different providers, it is fine. Just need the two providers to come into the building with the central set of equipment.
0
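An ASA configuration sketch of the layout discussed above, with one named interface per WAN, added here as an illustration (not posted by either participant). It assumes ASA 8.3+ syntax and static routes instead of a dynamic routing protocol; every interface name, subnet and next hop is a constructed placeholder, since the thread only gives 10.x.x.x ranges.

```cisco
! Constructed addressing throughout: placeholders, not the poster's real subnets.
interface GigabitEthernet0/0
 nameif worldwan
 security-level 50
 ip address 10.149.255.1 255.255.255.252
!
interface GigabitEthernet0/1
 nameif uswan
 security-level 70
 ip address 10.149.255.5 255.255.255.252
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.149.5.1 255.255.255.0
!
! Longest-prefix match separates the two WANs: the US office block goes to
! the MPLS router, the rest of 10/8 goes to the World WAN router.
route uswan 10.149.16.0 255.255.240.0 10.149.255.6
route worldwan 10.0.0.0 255.0.0.0 10.149.255.2
!
object network HO_APPS
 subnet 10.149.5.0 255.255.255.0
object network US_OFFICES
 subnet 10.149.16.0 255.255.240.0
!
! US offices reach the head-office application subnet ...
access-list USWAN_IN extended permit ip object US_OFFICES object HO_APPS
! ... but nothing else in the local 10.149/16 space behind this firewall ...
access-list USWAN_IN extended deny ip any 10.149.0.0 255.255.0.0 log
! ... and may transit to World WAN resources (intranet, library, email).
access-list USWAN_IN extended permit ip object US_OFFICES 10.0.0.0 255.0.0.0
access-group USWAN_IN in interface uswan
!
! No connection initiated from the World WAN is accepted. The first line is
! explicit so hits against the application subnet are logged separately.
access-list WORLD_IN extended deny ip any object HO_APPS log
access-list WORLD_IN extended deny ip any any log
access-group WORLD_IN in interface worldwan
```

Replies to sessions opened by US offices toward the World WAN pass through stateful inspection, so WORLD_IN needs no permit entries for them.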
 
Quori Commented:
This is all very basic design, and I can't help much because there are just too many ways to do it. And if you don't have full authority over your networks then it is moot until an agreement is reached on design with those who control the world wan.

Once that is set up, we can talk about routing policies to their side of things as well as thinking about what services to filter.
0
 
Johnny_Nguyen (Author) Commented:
Thanks very much for your helpful information.
0
Question has a verified solution.
