Greetings, I'm trying to put together a scope for managed office scenarios. We have a number of potential clients who let out their premises for use by different clients, as well as one existing customer who is currently expanding their building to 200 offices.
The current basic design I have in place is based on a layer 3 access layer and core using 3750 series switches, a single ASA firewall and a 2811 ISR terminating a leased line presented on Ethernet. We are also running Call Manager in combination with Unity Express to provide voicemail service to existing and future clients renting office space.
My initial thoughts were to allocate each office its own data VLAN and voice VLAN as well as a separate subnet.
Eg: Office 1 -
Data Vlan 101
Voice Vlan 201
Data Network: 172.18.1.0 /24
Voice Network 172.17.1.0 /24
Office 2 -
Data Vlan 102
Voice Vlan 202
Data Network: 172.18.2.0 /24
Voice Network 172.17.2.0 /24
Call Manager/Unity Vlan: 1000
Call Manager/Unity Network: 172.16.1.0 /24
The question I'm really toiling with, though, is how best to route traffic between the office VLANs and the Call Manager network but also keep traffic between offices isolated, at the same time giving each individual network internet access via the ASA. I had thought of using the switch as the gateway for the voice networks and then trunking to the ASA and using the ASA as the gateway for the data networks.
Has anyone done anything like this before? If so, I'd really appreciate any recommendations you may have.
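An added example, not part of the original post: a Python check of the numbering scheme above, assuming the two sample offices generalise to office N using data VLAN 100+N, voice VLAN 200+N, 172.18.N.0/24 and 172.17.N.0/24. It reports VLAN ID or subnet collisions between tenants before anything is configured; the function names and the `voice_base` parameter are hypothetical.

```python
import ipaddress

# Shared services segment, taken from the post (Call Manager / Unity).
SHARED_VLAN = 1000
SHARED_NET = ipaddress.ip_network("172.16.1.0/24")

def office_plan(n, data_base=100, voice_base=200):
    """Allocation for office n. Assumption: the post's two examples generalise this way."""
    if not 1 <= n <= 255:
        raise ValueError("office number must fit the third octet of a /24")
    return {
        "data": (data_base + n, ipaddress.ip_network(f"172.18.{n}.0/24")),
        "voice": (voice_base + n, ipaddress.ip_network(f"172.17.{n}.0/24")),
    }

def audit(offices, **bases):
    """Return a list of findings: VLAN IDs or subnets claimed by more than one segment."""
    findings = []
    vlan_owner = {SHARED_VLAN: "Call Manager/Unity"}
    nets = [(SHARED_NET, "Call Manager/Unity")]
    for n in range(1, offices + 1):
        for kind, (vlan, net) in office_plan(n, **bases).items():
            label = f"office {n} {kind}"
            if vlan in vlan_owner:
                # Two tenants on one VLAN ID share a broadcast domain: isolation is lost.
                findings.append(f"VLAN {vlan}: {label} collides with {vlan_owner[vlan]}")
            else:
                vlan_owner[vlan] = label
            for other, owner in nets:
                if net.overlaps(other):
                    findings.append(f"{net}: {label} overlaps {owner}")
            nets.append((net, label))
    return findings

if __name__ == "__main__":
    for count in (100, 200):
        result = audit(count)
        print(f"{count} offices: {len(result)} finding(s)")
        for line in result[:3]:
            print("  " + line)
    # Hypothetical alternative: start voice VLANs above the data range.
    print("200 offices, voice_base=500:", len(audit(200, voice_base=500)), "finding(s)")
```

Under that assumed pattern the plan is clean up to 100 offices; from office 101 onward each data VLAN ID reuses an earlier office's voice VLAN ID, so the VLAN ranges need to be spaced further apart for a 200-office building.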