Solved

Multi-WAN network ?

Posted on 2009-05-05
Last Modified: 2012-05-06
Hi guys,

I'm having trouble defining the possibility of a multi-WAN network proposed by an IT solution company since I'm no CISCO Geek.
Our company has offices all over the world (US, India, China), all connected in a "World WAN" so we can access certain resources in other countries. IP: 10.x.x.x for each country

In US (IP: 10.149.x.x), the company has several offices (NY, LA, San Francisco, New Jersey), only New York (10.148.5.x) is connected to the World WAN now. We were proposed a solution of connecting all US offices into a smaller network called "American WAN" so we can share resources between offices in US and also be able to access World WAN from anywhere. What I wonder is
- Is this network possible?
- Can one firewall handle both WANs, and is it easy to configure this?
- Is it possible for all US offices to access resources from World WAN, and can this be defined by ASA firewall configuration?
- What should play the role of DHCP here ?

Any advice will be very much appreciated.
question.jpg
Question by:Johnny_Nguyen
7 Comments
 

Accepted Solution

by:
Quori earned 500 total points
ID: 24311968
Yes, it is. Very sparse on details there, however either via IPSec site-to-site VPN or a layer 2 VPN service (MPLS/VPLS, etc) it is possible.

Yes, it could support any number of 'WANs' you like - it is simply a matter of configuring each terminating interface appropriately. The ease of this is going to vary depending on access restrictions, etc.

What resources are they offering? If you're talking files and things of that nature, then you'd be best off with DFS.

DHCP would only be used for access devices to obtain an IP address at each site. You wouldn't deploy it right across both WANs.

Author Comment

by:Johnny_Nguyen
ID: 24312205
Hi Quori, a clear picture can be seen by clicking on the attached file or here: http://www.experts-exchange.com/images/135955/question.jpg

The problem here is that: The World WAN is there now already, I don't control it, they give us a subnet 10.149.x.x. Resources on WORLD WAN are intranet, library and email.

Our job is to build this American WAN and connect all US offices together rather than just US Head Office in New York. All US offices share some virtual applications deployed at head office New York, but this won't be accessible to any other country.

Now I wonder how to configure the Firewall to support this, do you have any doco on the ASA Firewall ?
And did I draw the diagram correctly ?

Expert Comment

by:Quori
ID: 24331184
When I get time I can provide some config for getting this sorted out. Do the other offices have any existing connectivity?

You may want to look into an MPLS-VPN solution to tie all your US based sites together, then from the head office (which would be a transit point for the remote offices to get to 'world wan') set up appropriate connectivity into world wan. Or if there is existing connectivity we could set up site to site VPNs between your remote offices and the head office.

Author Comment

by:Johnny_Nguyen
ID: 24332503
At the moment we only have separate internet at each US office. And MPLS-VPN is what they offer for the American WAN. And I reckon MPLS is probably the better choice than site to site since these US offices need to communicate with each other as well rather than always having to go thru head office.

Imagine we have MPLS-VPN WAN in place now in US, do we connect head office to World WAN like the way I drew there (thru the same firewall, to a different CISCO Router)? This has been on my mind for quite some time. In that case, how do we configure the Firewall to understand the difference between World WAN and American WAN and route them properly as desired?

Expert Comment

by:Quori
ID: 24332561
World WAN would have its own subnets. You can run a dynamic routing protocol. The 'world WAN' would have its own interface on the ASA. You can use an MPLS-VPN provider for this or again, site-to-site. If you are wanting to filter the traffic going to the world wan, then you could just terminate it into the ASA.

Even if there are two different providers, it is fine. Just need the two providers to come into the building with the central set of equipment.
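
Added example (not part of Quori's post and not taken from the poster's network): a minimal ASA sketch of the layout described above, with each WAN terminated on its own interface and an ACL that keeps the head-office applications out of reach of the World WAN. Interface names, every address and next hop, and the ACL names are assumptions; static routes stand in for the dynamic routing protocol mentioned in the post, and NAT is left unconfigured.

```cisco
! Constructed example. Assumed address plan:
!   head-office LAN        10.149.5.0/24   (US-only apps in 10.149.5.32/27)
!   US branch offices      10.149.16.0/20  (behind the MPLS-VPN router)
!   rest of the World WAN  10.0.0.0/8      (behind the World WAN router)
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.149.5.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif uswan
 security-level 50
 ip address 192.0.2.2 255.255.255.252
 no shutdown
!
interface GigabitEthernet0/2
 nameif worldwan
 security-level 40
 ip address 198.51.100.2 255.255.255.252
 no shutdown
!
! The more specific branch route wins over the World WAN /8 (longest match)
route uswan 10.149.16.0 255.255.240.0 192.0.2.1
route worldwan 10.0.0.0 255.0.0.0 198.51.100.1
!
! Branch offices may reach head office and transit to the World WAN
access-list USWAN_IN extended permit ip 10.149.16.0 255.255.240.0 10.0.0.0 255.0.0.0
access-group USWAN_IN in interface uswan
!
! Other countries: no access to the US-only applications, deny listed first
access-list WORLDWAN_IN extended deny ip any 10.149.5.32 255.255.255.224
access-list WORLDWAN_IN extended permit ip 10.0.0.0 255.0.0.0 10.149.0.0 255.255.0.0
access-group WORLDWAN_IN in interface worldwan
```

Every ACL ends in an implicit deny, so anything not matched by the permit lines is dropped; narrow the permits to the specific services once the World WAN owners have agreed on what should cross.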

Expert Comment

by:Quori
ID: 24332568
This is all very basic design, and I can't help much because there are just too many ways to do it. And if you don't have full authority over your networks then it is moot until an agreement is reached on design with those who control the world wan.

Once that is set up, we can talk about routing policies to their side of things as well as thinking about what services to filter.

Author Comment

by:Johnny_Nguyen
ID: 24332584
Thanks very much for your helpful information