Hello everyone! There is a large local network built around servers with applications, and users in different remote branches use them. The rest of the servers are protected by a Palo Alto firewall and have their gateway on it. The PA is connected to the core switch. But there are several Goldfish servers that are connected to a Cisco ACE 4710 and have their gateway on it. They tried to migrate these servers behind the PA like the others, but after doing so clients had problems connecting to these servers, and the local admins moved them back to the ACE. As they say, the reason was the MTU size, which cannot be set on the PA.
The client side consists of a large number of branches that differ in host count and location. There are 3 kinds of firewalls connected to the core switch: an ASR 1001, an ASA 5520 and an ASA 5585-X. Some branches connect to the ASR by site-to-site (StS) VPN, some by FlexVPN, some connect to the 5585-X by StS VPN, and there is a third group, located in other countries, whose data does not come through the local provider like the others'; they connect to the 5520 over the Internet using Easy VPN. Internet HA for this whole network is provided by a Firepower 2120, which is also connected to the core.
The case and main question is to find the weak sides of this topology and its connections, and to suggest solutions to bring the network up to modern standards. Thanks for your attention)
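As an added example that is not part of the original post: the MTU problem mentioned above is the usual symptom when servers are moved behind a firewall that also terminates IPsec tunnels to the branches, because every packet entering a tunnel grows by the ESP encapsulation, and a full-size 1500-byte packet with DF set no longer fits. The script below is my own code, not the poster's and not any vendor's tool. It computes, for an assumed outer link MTU and an assumed ESP transform set, the largest inner IPv4 packet that still fits in one outer packet and the TCP MSS value to clamp to. The cipher suites, header sizes, NAT-T assumption and the 1500-byte outer MTU are assumptions for illustration; check the real transform set and link MTU on the actual devices.

```python
"""
Constructed example (not from the original post): ESP tunnel-mode MTU budget.

Given an outer link MTU and an ESP transform set, work out the largest inner
IPv4 packet that can be encapsulated without exceeding the outer MTU, and the
TCP MSS a firewall should clamp to so hosts behind it never depend on
fragmentation. All suite parameters below are assumptions for illustration.
"""
from dataclasses import dataclass

# Fixed header sizes (bytes) for IPv4 + ESP tunnel mode.
OUTER_IPV4_HDR = 20
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)
NAT_T_UDP = 8        # extra UDP/4500 header when NAT traversal is in use
INNER_IPV4_HDR = 20
TCP_HDR = 20


@dataclass(frozen=True)
class EspSuite:
    """Per-suite sizes: IV length, padding alignment, ICV length (assumed)."""
    name: str
    iv_len: int
    pad_align: int   # plaintext + trailer must be a multiple of this
    icv_len: int


# Assumed transform sets; adjust to what the tunnels actually negotiate.
AES_CBC_SHA1 = EspSuite("esp-aes-cbc/esp-sha-hmac", iv_len=16, pad_align=16, icv_len=12)
AES_CBC_SHA256 = EspSuite("esp-aes-cbc/esp-sha256-hmac", iv_len=16, pad_align=16, icv_len=16)
AES_GCM_128 = EspSuite("esp-gcm-128", iv_len=8, pad_align=4, icv_len=16)


def esp_padding(inner_len: int, suite: EspSuite) -> int:
    """ESP padding so that (inner packet + trailer) is aligned to the cipher block."""
    return (-(inner_len + ESP_TRAILER)) % suite.pad_align


def outer_len(inner_len: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Wire size of an ESP tunnel-mode packet that carries an inner packet of inner_len."""
    return (OUTER_IPV4_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR + suite.iv_len
            + inner_len + esp_padding(inner_len, suite) + ESP_TRAILER + suite.icv_len)


def max_inner_len(outer_mtu: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Largest inner packet whose encapsulation does not exceed outer_mtu.

    Everything except the padded plaintext is fixed size, so the padded
    plaintext block is rounded down to the alignment, then the trailer removed.
    """
    fixed = (OUTER_IPV4_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR
             + suite.iv_len + suite.icv_len)
    available = outer_mtu - fixed
    return (available // suite.pad_align) * suite.pad_align - ESP_TRAILER


def fits(inner_len: int, outer_mtu: int, suite: EspSuite, nat_t: bool = False) -> bool:
    """True if an inner packet of this size can cross the tunnel without fragmentation."""
    return outer_len(inner_len, suite, nat_t) <= outer_mtu


def mss_clamp(outer_mtu: int, suite: EspSuite, nat_t: bool = False) -> int:
    """TCP MSS to advertise so a full segment plus IPv4/TCP headers fits the tunnel."""
    return max_inner_len(outer_mtu, suite, nat_t) - INNER_IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    # Constructed scenario: 1500-byte outer link, several transform sets.
    for suite in (AES_CBC_SHA1, AES_CBC_SHA256, AES_GCM_128):
        for nat_t in (False, True):
            inner = max_inner_len(1500, suite, nat_t)
            print(f"{suite.name:28} nat_t={nat_t!s:5} "
                  f"inner MTU={inner} MSS={mss_clamp(1500, suite, nat_t)} "
                  f"1500-byte packet fits={fits(1500, 1500, suite, nat_t)}")
```

The last column is the point: a 1500-byte inner packet never fits, so either PMTUD must work end to end (ICMP "fragmentation needed" not filtered anywhere on the path) or the firewall terminating the tunnels must clamp MSS; the `mss_clamp` value for the negotiated suite is the number to configure.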