  • Status: Solved

Fiber Transport Connectivity and WAN recommendations

We currently have 5 subnets that connect back to one central location. To simplify things, we have subnets A, B, C, D, E, and subnet A is our central location. There is not necessarily a need for all subnets to communicate with each other; each just needs to communicate back to Subnet A.

Current setup
     Subnet B is connected via T1 (Cisco Router 1700 Series)
     Subnet C is connected via T1 (Cisco Router 1700 Series)
     Subnet D is connected via MPLS (Adtran managed by Qwest)
     Subnet E is connected via MPLS (Adtran managed by Qwest)
     Current firewalls are SonicWall

We have fiber transports being installed between the subnets; it is basically a Metro E or VPN line setup. We are not planning to use any of the above hardware and also do not want to convert everything to a flat network.

Looking for some different ideas and opinions for hardware to use.  Want to keep it simple and cost down.

Would also like another opinion on hardware that could be configured for fail over to a redundant connection, but may not go down that road.

Thanks,

Jeremy
Asked by: jbarton221

ded2545 Commented:
I'm not an expert network engineer, but I have a similar setup that is simple. I'm using Cisco 3750s that do the routing/VLANs among each other. They are expensive new, but you can get them fairly cheap "used".

As far as fail-over .. I have an ASA 5510 at my corporate location. At my branches, I use ASA 5505's and have a private and public interface .. if the private interface goes down, I can still access it via a point to point VPN connection between the ASA's. I do not have any routing or fancy rules if it would go down ... mainly a troubleshooting measure or "back door" in case of a problem.

jbarton221 Author Commented:
Would it be possible to just use the ASAs without the Cisco 3750s?

klassa Commented:
If you have enough interfaces and VLANs on the ASA 5510, it should work to do the routing on the ASA 5510.
 
ded2545 Commented:
If you swap out your SonicWall (which I suggest regardless), you could probably do it all on an ASA 5510. Looks like you only have 5 subnets, which is very small. I think I have around 30 on my 5510.

Reason I recommend the 3750's is the ease of use and reliability. Do you have any layer 2 switches on your network?

jbarton221 Author Commented:
Yes, we have layer 2 switches everywhere.

ded2545 Commented:
The ASA has 4 gig ports, but you can do subinterfaces, so I think that would work just fine with your setup. As long as you have a layer 2 switch behind it, you can set up your VLANs and use the ASA to route between them.

jbarton221 Author Commented:
What about using the ASA 5505? At least using them out at the other sites?

ded2545 Commented:
The only way the 5505 is a required device at the other sites is if you have a public facing interface. If it's a point to point metro e connection, you really don't need one. I would assume the ISP would give you their own routers at each location that would terminate the connection.

What I've done is request both a private and public connection, which then requires a firewall. I use the public interface to create a VPN tunnel from the 5505 to my corporate 5510. You could ask the Metro E provider if they can give you both a private and public interface ... or just find a cheap DSL or cable provider.

I took it a step further and use the public interface to route Internet traffic out, so the only traffic traversing the private pipe is the private traffic on my local LAN. The pipes I have are not very big, so this was a must.

jbarton221 Author Commented:
Right now that is exactly what our setup is for 3 of the 4 campuses. We have separate Internet connectivity at each. They also have a separate server that runs DHCP, DNS, some shared files, etc.
The fourth campus does not have its own Internet, which may change, and currently uses a PTP T1 back to the central location. They also don't have a server, and DHCP is set up as a superscope from our DHCP server at the central location, where we use DHCP/IP helper on the Cisco routers.

Although I would love to centralize everything, I don't think it will happen, and having the separate Internet gives us a redundant option also and keeps the MTM pricing down for the fiber connectivity between sites.

jbarton221 Author Commented:
Could we just use the 5505 across the board? Would you not recommend that?

ded2545 Commented:
Yes you could - they would do the routing for you just as if you put a router there .. but to be honest, unless each end has a public facing connection, it's not worth the extra money.

jbarton221 Author Commented:
But we could just use the 5505 to start at our main location and I believe that has enough ports?

Then if we add any public facing connections we could add a 5505 on the other end?

Is that what you are referring to and to your reference on it being worth the extra cash?

Thanks

ded2545 Commented:
Yeah, exactly .. if you have each "node" hitting your main location as a private connection, you can have them all going through the 5505. Without knowing that much about your company, if you can spare the extra money, I would step up to the 5510 as it has more horsepower with room to grow. But it isn't necessary in your case.

jbarton221 Author Commented:
I think one problem is they all connect back to one port at our main location and not separate ports. Wouldn't we have to have something at our branch locations to establish different VLANs?

ded2545 Commented:
Yes - if that's the case, you would have to have the port trunked so it can handle multiple vlan's.
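
Added example, not from any poster in this thread: a sketch of the trunked-port arrangement discussed above on an ASA 5510, with one subinterface per remote subnet. VLAN IDs, interface numbers, interface names, addresses and ACL names are placeholders assumed for illustration; giving the remote subnets the same security level keeps them from reaching each other while still letting each reach Subnet A.

```cisco
! Constructed example: VLAN IDs, names and addresses are placeholders.
! Physical port trunked to the layer 2 switch; it carries no address itself.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per remote subnet, all at the same security level.
interface Ethernet0/1.20
 vlan 20
 nameif subnet-b
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
interface Ethernet0/1.30
 vlan 30
 nameif subnet-c
 security-level 50
 ip address 10.0.30.1 255.255.255.0
!
! Central location (Subnet A) on its own port at a higher security level.
interface Ethernet0/2
 nameif subnet-a
 security-level 100
 ip address 10.0.10.1 255.255.255.0
 no shutdown
!
! Default behaviour, stated explicitly: interfaces at the same security
! level cannot exchange traffic, so subnet-b and subnet-c stay isolated.
no same-security-traffic permit inter-interface
!
! Lower-to-higher traffic needs an ACL: allow each remote subnet to reach
! Subnet A only. The implicit deny at the end drops everything else.
access-list SUBNET-B-IN extended permit ip 10.0.20.0 255.255.255.0 10.0.10.0 255.255.255.0
access-group SUBNET-B-IN in interface subnet-b
access-list SUBNET-C-IN extended permit ip 10.0.30.0 255.255.255.0 10.0.10.0 255.255.255.0
access-group SUBNET-C-IN in interface subnet-c
```

The switch port facing Ethernet0/1 has to be an 802.1Q trunk carrying the same VLAN IDs for the subinterfaces to see tagged traffic.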