We need to create a new campus lan, with some requirements:
1. We have many clients and these clients can not communicate, trough our network. (security requirement).
2. One client have a requirement to have one firewall between him and another clients and our staff. (security requirement)
3. We have 1.600 hosts and 1.600 phones, using one switch port to phone and pc conected to the phone (avaya).
4. We need to make VPNs site-to-site between us and the clientes.
5. This site is a remote site and our datacenter is remote, and go through two links redundant between two service providers distinct links.
6. But on this site we have a small datacenter local to (authentication, dhcp, local storage, antivirus, and some applications).
7. This site cant grow any more because of physical limitations.
8. We have all access switchs (2960-s 48 port PoE).
9. We use for communication between another sites (eigrp).
10. May be in future we need go to MPLS design and traffic engineer.
Now the question:
We have three scenarios:
The first one: We buy one 6509-E with SUP2T and 3 modules 48 ports ethernet and a FWSM module, to collapse the core and distribution. (attachment Option_with_6509(collapse core and distribution).jpg
The second one: We buy one 6509-E with SUP2T and 3 modules 48 ports ethernet and a ASA-SM module, and collapse core and distribution. (because of EOL of FWSM).
The third one: We buy one 6509-E with SUP2T put 10GIG modules to uplink from distribution, and FWSM or ASA-SM, and put for every 500 workstations one pair of 3750x in stackwise plus for distribution, and concentrate de access on this 3750x. (attachment option_with_6509and3750x.jpg)
Please can anyone help us?
1o. FWSM or ASA-SM?
2o. To this scenario can i collapse the distribution and core, without impact in performance?
All off our clients need the quality on voice calls and high availibility 99.99%
Thank a lot!
*PS sorry about my english!