Member_2_4777786
VPN DESIGN
Hi,
I'm trying to design a centralized VPN architecture with Cisco equipment. Every branch office has a DSL or T1 link, and I want to connect all the branch offices to the headquarters data center with a VPN. The questions are:
Is it possible to send the branch offices' Internet traffic through the VPN?
If yes, how can I set this up, and what is the best routing protocol to use?
What kind of VPN tunnel should I use?
Should I also put the domain controller for all the branch offices in the headquarters data center? If yes, how can I broadcast the Microsoft protocols to join machines to the domain, share printers, files and others?
Can the Websense server be centralized? If yes, how? And which ASA appliance must be configured to forward HTTP traffic to the Websense (web filter)?
See the design below.
A lot of thanks, regards and all that you want.
vpn-designinternet-websense-cent.jpg
ASKER
Thank you a lot
so
If yes, how can I set this up, and what is the best routing protocol to use?
In this simple scheme it is possible to use a static route.
*In the case of a dynamic routing protocol, which one can I use (OSPF or EIGRP)?
What kind of VPN tunnel should I use?
Site-to-site VPN tunnel, if the branch offices have a static Internet address.
Yes, I know, but with which technology (IPsec Direct Encapsulation, Point-to-Point GRE over IPsec, Dynamic Multipoint VPN (DMVPN), Virtual Tunnel Interface (VTI))?
Can I use the WAAS appliance to optimize and accelerate the traffic through the VPN?
ASKER
Hello,
What's the best way to configure VPN failover between the Cisco ASA of the branch office and the headquarters offices?
Regards
Hello,
You can put two ASAs at the headquarters office in active/passive mode for failover.
ASKER
Hi
Do you have a configuration template or model?
May I use the 2 ISP option?
Please can you give more technical details (configurations, commands, protocols)?
Regards
Hi,
To use the scheme with two ISP providers, it is necessary to replace the ASA with a router.
Where do you wish to use the 2 ISPs? At the headquarters office?
Is it possible to send the branch offices' Internet traffic through the VPN? Yes
If yes, how can I set this up, and what is the best routing protocol to use?
In this simple scheme it is possible to use a static route.
What kind of VPN tunnel should I use?
Site-to-site VPN tunnel, if the branch offices have a static Internet address.
Should I also put the domain controller for all the branch offices in the headquarters data center? If yes, how can I broadcast the Microsoft protocols to join machines to the domain, share printers, files and others?
You can set up additional controllers at the branch offices to decrease the traffic and to allow users to be authorised when there is no connection to the head office.
Can the Websense server be centralized? If yes, how? And which ASA appliance must be configured to forward HTTP traffic to the Websense (web filter)?
Websense can be centralized at the head office.
All ASAs need to be configured to work with it.
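
The site-to-site tunnel with a static route that carries branch Internet traffic through headquarters, as discussed in the thread, sketched as a pair of ASA configurations. This is an added example, not a configuration posted by anyone in the thread; it assumes ASA 8.4+ IKEv1 syntax, and every address, object name, map name and the key placeholder is constructed.

```cisco
! Constructed example: documentation addresses, placeholder pre-shared key.
! ===== Branch ASA (outside 203.0.113.10, LAN 10.10.1.0/24) =====
object network BRANCH-LAN
 subnet 10.10.1.0 255.255.255.0
! Destination "any" puts Internet-bound traffic into the tunnel as well
access-list TO-HQ extended permit ip object BRANCH-LAN any
! Identity NAT: tunnelled packets keep their private source address
nat (inside,outside) source static BRANCH-LAN BRANCH-LAN
! Static default route to the ISP gateway; no dynamic routing protocol
route outside 0.0.0.0 0.0.0.0 203.0.113.9
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set L2L-SET esp-aes-256 esp-sha-hmac
crypto map BRANCH-MAP 10 match address TO-HQ
crypto map BRANCH-MAP 10 set peer 198.51.100.1
crypto map BRANCH-MAP 10 set ikev1 transform-set L2L-SET
crypto map BRANCH-MAP interface outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-PSK>

! ===== Headquarters ASA (outside 198.51.100.1) =====
object network BRANCH-LAN
 subnet 10.10.1.0 255.255.255.0
! Mirror image of the branch crypto ACL
access-list TO-BRANCH extended permit ip any object BRANCH-LAN
! Allow decrypted branch traffic to leave through the interface it arrived on
same-security-traffic permit intra-interface
! PAT branch clients to the HQ public address on their way to the Internet
nat (outside,outside) source dynamic BRANCH-LAN interface
! No translation between HQ internal networks and the branch LAN
nat (inside,outside) source static any any destination static BRANCH-LAN BRANCH-LAN
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set L2L-SET esp-aes-256 esp-sha-hmac
crypto map HQ-MAP 10 match address TO-BRANCH
crypto map HQ-MAP 10 set peer 203.0.113.10
crypto map HQ-MAP 10 set ikev1 transform-set L2L-SET
crypto map HQ-MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-PSK>
```

With this crypto ACL nothing from the branch LAN bypasses the tunnel, so a tunnel outage also stops branch Internet access.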