I would like to get your thoughts about this one...
In addition to our corporate network which is currently routed via EIGRP, we also have about 50 remote sites ranging from 3 to a max of 10 people. These offices require both access to the Internet as well as access to corporate resources and we are looking for a way to establish and standardize this type of connectivity. MPLS is obviously out of the picture so VPN over the Internet is what came up.
I was thinking of introducing some device (either ASA5505, C870, C2800) at each location and establishing a site-to-site VPN to head office, thereby granting access to corporate resources. Another requirement in the remote offices is wireless, thus the reason why the Cisco 870 was favorable.
I agree. DMVPN is the way to go using Cisco 870 series with appropriate IOS. It is really scalable, so adding new sites is not time-consuming at all.
If you go with an ASA firewall, you will end up doing point-to-point tunnels. Every time a new site needs to be added, you will need to adjust the config on your hub. Not only that, it will also require greater bandwidth at the hub site.
With DMVPN, adding new sites does not require changes on your hub device. Also, a full-mesh network will reduce the bandwidth needed at the hub compared to point-to-point tunnels.
Using a VPN over the Internet could work very well.
If you continue to use EIGRP, you might want to configure the remote sites as stubs.
Do keep in mind if you share the Internet link for both VPN and local Internet access, corporate network performance will usually be somewhat uncontrollable. (If you don't share the link, I've found you can obtain performance often like frame-relay, if the equipment used has the needed software features.)
If providing local Internet access, ensure your selected solution offers sufficient security (e.g. FW feature set). (A remote Internet security breach may expose your whole corporate network via the VPN.)
With regard to using a single box to also provide wireless, it probably reduces cost, but also places "all your eggs in one basket". Also, be very careful in selecting wireless security features since, again, the VPN can open your whole corporate network to a remote site's wireless AP.
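The two suggestions in the replies above (a DMVPN hub that needs no per-site changes, and remote sites running as EIGRP stubs) look roughly like this in IOS. This is an added example, not configuration posted by anyone in the thread. The addresses, EIGRP AS 100, interface names, NHRP values and the IPsec profile name DMVPN-PROF (assumed to be defined elsewhere with the site's chosen crypto settings) are all assumptions.

```cisco
! ---- Hub (head office): no per-spoke statements anywhere ----
interface Tunnel0
 ip address 10.255.0.1 255.255.255.0
 ! constructed value; NHRP authentication strings are at most 8 characters
 ip nhrp authentication CHANGEME
 ! spokes register dynamically, so a new site needs no hub change
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! re-advertise spoke routes to other spokes, keeping the spoke as next hop
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
 ! interface name assumed
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 ! profile assumed to exist; the GRE tunnel is unencrypted without it
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.255.0.0 0.0.0.255
!
! ---- Spoke (remote office): the same template at every site ----
interface Tunnel0
 ! unique tunnel address per site
 ip address 10.255.0.11 255.255.255.0
 ip nhrp authentication CHANGEME
 ! 198.51.100.1 is a documentation address standing in for the hub's public IP
 ip nhrp map 10.255.0.1 198.51.100.1
 ip nhrp map multicast 198.51.100.1
 ip nhrp nhs 10.255.0.1
 ip nhrp network-id 1
 ! WAN interface name assumed
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.255.0.0 0.0.0.255
 ! this site's LAN (constructed subnet)
 network 10.11.0.0 0.0.0.255
 ! stub: advertise only connected and summary routes, never act as transit
 eigrp stub connected summary
```

On the spoke, the firewall feature set and wireless security settings mentioned in the reply sit outside this fragment and still need to be configured on the Internet-facing and wireless interfaces.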