nainasipra
asked on
IPsec VPN
I want to implement IPSec VPN between my office sites, what could be required things(devices, internet line etc...), and how i can implement. Any suggestions are welcome.
Scenario:
HQ = 200 users
Site-1 = 50 user
Site-2 = 50 users
Site-3 = 10 users
Site-4= 100 users
Site-5 = 20 users
Scenario:
HQ = 200 users
Site-1 = 50 user
Site-2 = 50 users
Site-3 = 10 users
Site-4= 100 users
Site-5 = 20 users
ASKER
thank you patrick,
about required capacity i will have some more meetings with our other departments to make sure their usage but what about internet lines. should i have leased line or broatband connection is ok?
if its broadband connection then i can have 100 mbps on very cheap rate but leased connection even 1 mbps is very costly.
please suggest me to have internet lines for each office?
about required capacity i will have some more meetings with our other departments to make sure their usage but what about internet lines. should i have leased line or broatband connection is ok?
if its broadband connection then i can have 100 mbps on very cheap rate but leased connection even 1 mbps is very costly.
please suggest me to have internet lines for each office?
Hi again,
It really depend the usage, if only a handfull users use VPN simultanous you could do with broadband but again, it depend usage.
It really depend the usage, if only a handfull users use VPN simultanous you could do with broadband but again, it depend usage.
ASKER
suppose 50 site-users will use ERP and DNS from head office simultaneously ?
ERP will run in Terminal Server sessions in almost all cases, as datebase-driven applications running via VPN are a pain. DNS will not consume much bandwidth, but you should use local DNS servers for caching results, so requests are much faster and less frequent.
I reckon you want to keep Internet traffic local (not passing it thru the HQ), which is a good idea unless you want to have centralized Web Filtering management.
With broadband connections you'll have to pay attention whether they are synchronous (having the same up- and downstream bandwidth) or asynchronous. For the latter you usually have severe speed restrictions for one direction.
I reckon you want to keep Internet traffic local (not passing it thru the HQ), which is a good idea unless you want to have centralized Web Filtering management.
With broadband connections you'll have to pay attention whether they are synchronous (having the same up- and downstream bandwidth) or asynchronous. For the latter you usually have severe speed restrictions for one direction.
ASKER
i have one domain server for all, its ok i can have more domain server for users, but ERP is used by all users on all sites,
second, you mean i must have synchronous if i have broadband.
second, you mean i must have synchronous if i have broadband.
Local DCs are no requirement but recommended.
You don't need a synchronous connection for the branches if data transfer is mostly into one direction. E.g. Terminal Services are more like downloads - some upstream, huge downstream. But if you need to exchange files, upstream gets more important.
The HQ needs the best connection, of course, and that one should have a fat upstream pipe.
You don't need a synchronous connection for the branches if data transfer is mostly into one direction. E.g. Terminal Services are more like downloads - some upstream, huge downstream. But if you need to exchange files, upstream gets more important.
The HQ needs the best connection, of course, and that one should have a fat upstream pipe.
ASKER
still i am not clear that how many connections and what type of connections should i have for all sites,
broadband or leased lines?
broadband or leased lines?
To give a figure:
HQ: 100/100
Sites: 100/10 or similar
but that's a guess.
HQ: 100/100
Sites: 100/10 or similar
but that's a guess.
ASKER
how many static IP i must have to do this ?
or all sites dynamic IP will work?
or all sites dynamic IP will work?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OR you can try MPLS
more here http://www.cisco.com/en/US/tech/tk436/tk428/technologies_q_and_a_item09186a00800949e5.shtml
more here http://www.cisco.com/en/US/tech/tk436/tk428/technologies_q_and_a_item09186a00800949e5.shtml
For equipment i would say get yourself some Cisco ASA devices with 50 user licences where 50 users is sufficient and get unlimited licenses where you need more.
About internet lines, quicker is better but you need to know what capacity you need.