Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
0
Helpful
3
Replies

Help to plan and build my network (vpn, voice, security, routing...)

nicanor00
Level 1
Level 1

‎03-30-2010 01:48 AM - edited ‎03-06-2019 10:22 AM

Hello

I am planning to build our network

We have 3 branch and the headquarter (the number of branch will grouth)

Each branch should be connected to the headquarter with VPN link (ipsec 3des)

I have one cisco 2821 for the headquarter and one cisco 2801 for each branch

I would also implement voice on my network, Cisco call manager express should be installed on the cisco 2821 and should manage all VoIP call on our network.(branch + head quarter). All cisco Ip phone are in DHCP mode and DHCP server for Ip phone is the cisco 2821

Computer can be either in DHCP or static mode, dhcp server for computer is the local router on each LAN

I use the catalyst 2960 on the headquarter to aggregate vpn conexion (vlan 80) and headquarter LAN traffic (voice vlan 10 and data vlan 20)

The Cisco 2821 router should also serves as my gateway to the Internet

And I have several servers on my network.

Users who are outside of our offices should also access these servers from the Internet,

This access should be secured, user could use free integrated windows vpn client or cisco vpn client

These users use Windows XP or vista and Internet Explorer.

I would use access list on each router to give or block access to internet, I would have 2 group of user on each site (with or without access to internet)

Now I have

cisco2821-sec/k9

cisco2801-hsec/k9

I would upgrade the cisco 2821 ios to advance IP service and install CME (the last version)

Could you have a look on my architecture and tell me if my network plan is good ?

Do you think that everything should work ?

Have I missed some thing ?

Please advice

Thanks in advance

Labels:
Preview file
102 KB
0 Helpful
3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎03-30-2010 04:56 AM

Hello 

I am planning to build our network
We have 3 branch and the headquarter (the number of branch will grouth)
Each branch should be connected to the headquarter with VPN link (ipsec 3des)
I have one cisco 2821 for the headquarter and one cisco 2801 for each branch
I
would also implement voice on my network, Cisco call manager express
should be installed on the cisco 2821 and should manage all VoIP call
on our network.(branch + head quarter). All cisco Ip phone are in DHCP
mode and DHCP server for Ip phone is the cisco 2821
Computer can be either in DHCP or static mode, dhcp server for computer is the local router on each LAN
I
use the catalyst 2960 on the headquarter to aggregate vpn conexion
(vlan 80) and headquarter LAN traffic (voice vlan 10 and data vlan 20)
The Cisco 2821 router should also serves as my gateway to the Internet 
And I have several servers on my network. 
  
Users who are outside of our offices should also access these servers from the Internet, 
This access should be secured, user could use free integrated windows vpn client or cisco vpn client
These users use Windows XP or vista and Internet Explorer. 
  
I
would use access list on each router to give or block access to
internet, I would have 2 group of user on each site (with or without
access to internet)
  
Now I have 
cisco2821-sec/k9 
cisco2801-hsec/k9
I would upgrade the cisco 2821 ios to advance IP service and install CME (the last version)
  
Could you have a look on my architecture and tell me if my network plan is good ?
Do you think that everything should work ?
Have I missed some thing ?
Please advice
Thanks in advance

Hi,

Design seems to be simple but my concerns are what about the firewall in your network,I would suggest the traffic which is coming and from outside and going from inside and the traffic which are getting landed from branches need to be scanned via firewall,so you should have firewall in your network.

and if you see you have single point of failure at two one at router level and anothere at switch level,if client has budget to purchase then ask him too have redundacny setup at least at these two levels.

Another concern what is the isp bandwidth and branch bandwidth which will be using voice and data also,you should have done bandwidth budgetting with futrue in concern.As voice traffice require good amount of traffic and possible implement qos also to piroritize the voice traffic in network.

Hope to Help !!

Ganesh.H

Cisco will donate $1 to  the Red Cross Haiti fund for every rated post!

https://supportforums.cisco.com/docs/DOC-8727


0 Helpful

droeun141
Level 1
Level 1

‎03-30-2010 04:59 AM

Just curious, but why are all of your branch office WAN connections in the same subnet?

0 Helpful

nicanor00
Level 1
Level 1
In response to droeun141

‎03-30-2010 07:19 AM

Each branch is directly connected to the headquarter using wireless link. I already installed the 3 radio link, so there is no ISP between branch and headquarter and there is no bandwith problem between branch and headquarter

The only ISP is the one who give the internet connexion

Could you have a look on my  architecture and tell me if my network plan is good ?

Do you think that everything should  work ?

Have I missed  some thing ?

Please  advice

Thanks in  advance

Preview file
104 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card