We are reviewing our internet connectivity with a view to simplifying and improving performance and security.  We currently have 3 sites with Cisco routers and ASA firewalls on-premise running IPSec between them, with remote user VPNs terminating on two of them.  We are not running any additional services on the firewalls.  We also run SIP trunks into one of the offices which traverses to another.  QoS on the routers and on-premise switches.  Voice works well.
Still running many systems on prem and only have o365, no AWS/Azure yet..
We are looking at MPLS.  Would this be a better fit?  What about VPLS, SDWan or sticking with on-premise firewalls with IPsec?  
Any suggestions would be great.  

Aaron Tomosky, Director of Solutions Consulting, commented:
I like SD-WAN, you can usually get a fiber and coax and SD-WAN appliance managed all for the cost of MPLS with better performance and resiliency. Disclaimer: my day job is at a managed sd-wan provider

Pro tip: Keep at least one of your firewalls anywhere you have servers (for ids/ips/gav) and need client vpns.

Mike Smith, Enterprise VoIP & ISP Broker, commented:
Can you specify the issues/concerns you're having today, with your current IPsec? MPLS and SD-WAN are both viable technologies and a good fit for certain scenarios but trying to learn more about what specifically you'd like to improve.

What applications are running slow?

You said the voice is working well? Do you have local dial tone at each site, separately?

Are your 3 sites in major metropolitan areas, where you might be able to get a second Internet circuit?

CHI-LTD (Author) commented:
That's what I don't want: firewalls on premise, I'd prefer them hosted.

Sure, so incumbent isn't performing, and we haven't any firewall HA in place.  Simplify it and improve security and performance.  

Nothing running slow, apart from exchange online at times.

Yes QoS works fine as does the voice.  Yes, we have shoretel kit on premise.

We can get a second ADSL/FTTC no problem.

Mike Smith, Enterprise VoIP & ISP Broker, commented:
If nothing is running slow and voice is fine, no need to pay for MPLS or VPLS.

SD-WAN sits outside of your IPsec VPN and your IPsec tunnels pass through it. The main benefits of SD-WAN are improved performance of your network speed, lower levels of packet loss, latency & jitter and better redundancy.

Some SD-WAN providers can, however, add managed IPsec VPN and managed/network security as value-add features but they are not a standard feature of SD-WAN.

It sounds like you are a candidate for SD-WAN for the performance but you need to try to find a provider who has the value-add of security, firewall, intrusion prevention, etc.

CHI-LTD (Author) commented:
Why not?  We have less HA at our sites and old kit.  MPLS would resolve this, no?
So it's a firewall/router in oue that points to a cloud offering where it can be managed by a web interface?  I've looked at it here in the UK and the prices are either astronomical or nobody supplies it.

Mike Smith, Enterprise VoIP & ISP Broker, commented:
MPLS/VPLS is very pricy at high speeds. The main benefit of it is to guarantee low levels of packet loss, latency and jitter (for Real-time traffic), or prevent bottlenecks (that encryption can create), when transferring very large amounts of data.

SD-WAN with managed security pales in comparison to the cost of high bandwidth MPLS with managed security. So, if your real time voice traffic is performing well and you aren't sending monster size files, IPSec is the best way to go.

SD-WAN will provide a little added benefit of increased network speed and failover, with the option of adding managed network-based security.

CHI-LTD (Author) commented:
signed to go MPLS...