SSL and IPSEC VPNs - design considerations for companies merging?
I'm looking for some advice/suggestions on best design practice in the following scenario:
Our company (Company A) has several hundred remote branches. Each branch has a Cisco 800 series router and ADSL line and we employ IPSEC VPN to allow these remote sites to connect to our head office resources (the IPSEC VPNs terminating on ASA5500 series firewall)
We have merged with another company (Company B) who have a smaller number of branches, around 100. They use cheap consumer grade ADSL routers in their branches and connect to their head office resources (behind a Fortigate firewall) using browser based SSL VPNs.
We want to integrate both systems so that, effectively, each branch will be able to access resources at "Head Office A" AND resources at "Head Office B" (this will be needed on a temporary basis before all systems are fully integrated in one head office).
What are people's thoughts on the best way of achieving this? e.g. should/could we have IPSEC to Head Office A running in parallel with SSL VPN to Head Office B? Or would it be better to have, say, IPSEC VPNs for communications to both head offices (or, indeed, SSL VPNs for communications to both offices)
And how might we facilitate a rollout of new config/technology to such sites? (e.g. if we needed to send out 100 new routers, would we have to configure all 100 individually or are there any clever techniques or processes to aid in a mass configuration of such devices?)
Also, similar topic, but what resilience options are there for backup to the branch ADSL line? All I can really think of is to use 3G as a backup or, perhaps, to bond ADSL lines to give increased bandwidth and the resilience if one of the lines was to drop. Anyone got any thoughts on this aspect?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.