Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
2
Replies

Looking for advice on WAN upgrades

troytripp
Level 1
Level 1

‎12-05-2005 09:57 AM - edited ‎03-03-2019 11:09 AM

Please bear with me: I'm an old hand with Cisco, but I haven't really done any WAN work in about four years, so I've gotten rusty.

I have a WAN scattered across about a dozen sites. There are about 100 users at the main site, 30 a what will be the secondary site, and the remaining sites will have anywhere from 2-12 users. Right now, everybody is on a VPN over DSL (excecpt the main site, which is a T-1).

Currently all we are dealing with is Citrix traffic, but I'm tasked with adding teleconferencing, building a redundant site (SQL and e-mail), and transfering all file services to my primary site (with data being replicated to the secondary site).

What I really need advice on is hardware. I could get really silly and have dual 7600s, redundant Cat 6513s and PIX 535's at the primary and secondary sites, and slap 3800s at all the other sites, but that would be a bit over budget (which I don't even have, btw!) I guess what I'm hoping for is someone out there who has a similar setup (small number of users scattered across multiple sites, who will need voice, video and data across IP, and supporting mission-critical apps to remote locations with redundant links).

It really is going to be a situation where a small company is going to need some big-company services. I'm wondering if having separate routers, firewalls and switches in each location makes any sense, or if collapsing everything into a single Catalyst for each site with router and firewall modules installed would be better. And what about redundancy? Do I really need two firewalls, two routers, etc., to get high availability?

Sorry about how vague all this is, but my last big Cisco environment was at AT&T, so top-end, redundant hardware was just a given. Trying to come up with something secure and reliable for a small company while still being able to handle bells and whistles like VoIP without breaking the bank just has me confused.

This is a medical facility, BTW, so I have to keep HIPPA in mind, so security is a significant concern. Thanks.

Labels:
0 Helpful
2 Replies 2

thisisshanky
Level 11
Level 11

‎12-05-2005 07:53 PM

Troy,

My first question to you, is whether you plan to stay with existing vpn solution for wan, or to use dedicated bandwidth links like leased lines or frame-relay or qos enabled MPLS cloud to network all these sites together ? Decide on this before you move on.

What videoconferencing solution are you using ? Tandberg ? Definitely note that for good video over ip quality, 384kbps to 768 kbps per video call should be reserved. Also if you plan to replicate SQL, SQL databases have restrictions on the round trip time between the servers, or else replication may break.

At the main site your 100 users are probably scattered in different wiring closets (or could be all in one core switch). Either ways adding some redundancy there definitely helps as its the core site. You dont need 7600s, but you can think about using a 6509 or 6506 (either dual 6500s with one Sup engine on each and dual power supplies). Or a cheaper solution would be to buy one 6509, with two Sup engines and two power supplies.

You definitely want to use a firewall such as PIX 515 or 525. You might want to consider getting a UR/UR or UR/FO bundle if you want to configure failover between the two as well as adding more interfaces to host web, email or ecommerce servers.

Also think about getting the ASA platform which has firewall, vpn as well as IDS capabilities (by adding a SSM module). ASA and PIX run the same code (7.0 and up). Just that ASA gives you more value for money.

You dont need dual 3800s for your internet facing routers unless you plan to use high bandwidth links like DS3 as well as using load balancing using BGP for your internet links. 2800s should do just fine.

Each remote site depending upon the size of the branch, only needs a router such as 1800 or 2800 with a switch (either layer 3 - preferred or layer 2).Since most of your offices have 2-12 users you can use a l2 switch such as Catalyst Express 500 (note that this switch is managed using web and no CLI).

HTH

PS: Please remember to rate helpful replies!

Sankar.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

Mikhail.Galiulin
Level 1
Level 1

‎12-06-2005 12:16 AM

I would just recommend you before buying a lot of "heavy" equipment to check your SLA. Or check with your users/customers how long time can they wait in case of some services goes down. Then basing on these numbers you can chose proper solution - either dual 7600/redundant 6513 or more simple routers/switches together with Smartnet or something other. It could be more effective in your case to use something more simple than 65XX and 7600.

So start from formal requirements (SLA)!

//Mikhail Galiulin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card