
VPN DESIGN

Hi,

I'm trying to design a centralized VPN architecture with Cisco equipment. Every branch office has a DSL or T1 link, and I want to connect all the branch offices to the headquarters data center with VPN. The questions are:
Is it possible to send the branch offices' Internet traffic through the VPN?

If yes, how can I set this up, and what is the best routing protocol to use?

What kind of VPN tunnel should I use?

Should I also put the domain controller for all the branch offices into the headquarters data center? If yes, how can I broadcast the Microsoft protocols to join machines into the domain, share printers, files and others?

Can the Websense server be centralized? If yes, how? And which ASA appliance must be configured to forward HTTP traffic to the Websense (web filter)?

See the design below.

A lot of thanks, regards and all that you want.

vpn-designinternet-websense-cent.jpg
Asked by: jamill
 
Alexey Komarov, Chief Project Engineer, commented:
Good day,
Is it possible to send the branch offices' Internet traffic through the VPN?
Yes.

If yes, how can I set this up, and what is the best routing protocol to use?
In this simple scheme it is possible to use a static route.

What kind of VPN tunnel should I use?
A site-to-site VPN tunnel, if the branch offices have a static Internet address.

Should I also put the domain controller for all the branch offices into the headquarters data center? If yes, how can I broadcast the Microsoft protocols to join machines into the domain, share printers, files and others?
You can set up additional controllers at the branch offices to reduce the traffic and to allow authorisation of users when there is no connection with the head office.

Can the Websense server be centralized? If yes, how? And which ASA appliance must be configured to forward HTTP traffic to the Websense (web filter)?
Websense can be centralized at the head office.
All ASAs need to be configured to work with it.
 
jamill (Author) commented:
Thank you a lot

So:

If yes, how can I set this up, and what is the best routing protocol to use?
In this simple scheme it is possible to use a static route.
*In the case of a dynamic routing protocol, which one can I use (OSPF or EIGRP)?

What kind of VPN tunnel should I use?
A site-to-site VPN tunnel, if the branch offices have a static Internet address.
Yes, I know, but with which technology (IPSec Direct Encapsulation, Point-to-Point GRE over IPSec, Dynamic Multipoint VPN (DMVPN), Virtual Tunnel Interface (VTI))?

Can I use the WAAS appliance to optimize and accelerate the traffic through the VPN?

 
Alexey Komarov, Chief Project Engineer, commented:
You can configure OSPF.
But there is no particular point in it, because these devices connect to each other over one L2L link.
IPSec Direct Encapsulation:
Yes, you may use it.
http://www.ciscopros.info/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd8051c104_ps6474_Products_White_Paper.html

 
jamill (Author) commented:
Hello,

What's the best way to configure the VPN failover between the Cisco ASA of the branch office and the headquarters offices?

Regards
 
Alexey Komarov, Chief Project Engineer, commented:
Hello,
You can put two ASAs at the headquarters office in active/passive mode for failover.

 
jamill (Author) commented:
Hi

Do you have a configuration template or model?
May I use the 2 ISP option?
Please can you give more technical details (configurations, commands, protocols)?

Regards
 
Alexey Komarov, Chief Project Engineer, commented:
Hi,
To use the scheme with two ISP providers it is necessary to change the ASA for a router.
Where do you wish to use 2 ISPs? At the headquarters office?