I have been asked to design and implement a mid-scale VPN solution. I plan to use a hub-and-spoke design where:
Some spokes are corporate sites and others are connected via the Internet.
WAN speeds vary between 5 and 20 Mb/s.
Not all spoke sites will be "on and connected" 24/7.
Some spokes that are far from the hub will need to communicate directly with one or more other spokes.
Internet access will be limited to the hub.
Split-tunnel WAN connections will not be permitted on the spokes, but will be used on the hub for Internet access.
Spokes will either have a hardware router or a software VPN client, depending on their size, uptime and number of users.
My planned architecture is based on DMVPN Phase 3. This will allow:
dynamic spoke creation
control over spoke to spoke communications
ability to limit Internet access through a main controlled gateway
simplification of the hub as the number of spokes increases over time
I also need to use:
NAT, so that we can isolate spokes and deploy a well-planned LAN-side address space
ZFW (zone-based firewall) is planned to be implemented, as various spokes and the hub will have services running
EIGRP is planned for the LAN side
BGP or static routing is planned for the WAN side
I am old school and tend to do all my configs with the CLI rather than a GUI or wizards. Maybe this will be easier?
My question relates to the order of implementation. Specifically, what should be coded first, and how do they interact? Can people please recommend a deployment order for the following.
For my non-router-based spokes, are there any preferred VPN clients that work well with DMVPN, Easy VPN, GET VPN, the NCP VPN client, etc.?
Tips, suggestions and comments are welcome from users in this excellent forum.