Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2017
Views
0
Helpful
3
Replies

Network Design project for new site

sachinsharma2010
Level 1
Level 1

‎10-11-2012 11:53 AM - edited ‎03-03-2019 06:47 AM

Hello every one,

we are going to introduce a new office.as we have already running a setup in older one.

we have already an ASA 5510 and a RV042 router in old setup.

Now i purchased 2 3560 48 port switches with enhence image and a 2611xm router.  we have a data center on remote location which is connected to us through a MPLS and a site to site VPN.

Now my new design objectives using the ASA 5510,2611xm,3560 and some other L2 switches are;-

  • Two      Independent Internet connectivity like we have two internet connections so      we want to utilize both connections at a single time but at the time of      one internet failure work should not be effected.
  • No Single      Point of Failure for local lan. Sever farm, VPN and Internet. Excluding      Normal users which are using lan connections.
  • Failover      for L3 switch(manageable) and gateway Firewall and router.
  • NOC will      have two gateway if one goes down they change their machine      gateway and work should not be stop because all the monitoring for servers      and transactions are being from here.
  • Noc will      access to Data center, via MPLS as primary and via Tunnel as      secondary.
  • Technical/      Developers will have access to Data center, primary via Firewall      Tunnel and Secondary via 2611xm Tunnel.
  • Noc Internet Access via Firewall/Airtel      as primary and secondary via 2611xm/BSNL.
  • Non-Tech      Internet Access via 2611xm/BSNL as Primary and Secondary via Firewall
  • Non-Tech      or Technical Internet access via Proxy server.
  • Users via      access points will be part of non-trusted zone and will have access to      Internet via proxy via BSNL. These users will not be able to access server      farm, however they can access data center farm via client VPN.
  • Sever      Farm will be on separate VLAN and should be accessible to all other then      Access Point User / un-trusted Lan.
  • Users - Noc (Seprate VLAN), Developers (seprate VLAN), Except other      users (Seprate Vlan) ,Wifi Users (Seprate VLAN)
  • Mobile      users should have access of Servers in Gurgaon as well as Mumbai through      secure VPN tunnel.

i am also attaching the proposed n/w diagram and vlan plan, kindly suggest how to do this

Labels:
Preview file
10 KB
Preview file
182 KB
0 Helpful
3 Replies 3

Marwan ALshawi
VIP Alumni
VIP Alumni

‎10-13-2012 03:45 AM

hi there  i think you put all your tasks list here

anyway i will try to answer as much as i can

Two      Independent Internet connectivity like we have two Internet connections so      we want to utilize both connections at a single time but at the time of      one Internet failure work should not be effected.

see this link can be helpful

https://supportforums.cisco.com/docs/DOC-8313

Failover      for L3 switch(manageable) and gateway Firewall and router.

- you can use HSRP in the L3 switches and and static route to the router and ASA for example

- for VPN primary and secondary this is up to you how to configure the IP of the remote access client side

- for primary and secondary Internet link path/link you can use the idea in the link above make sure you consider NATing as well

- for isolating users/wifi .etc this is something you can do by making multiple subinterface in the FW interface trunk it to a L2 switch and make each group of users to use one of the subinterfaces as the default gateway for traffic filtering

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b81500.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094767.shtml

hope this help

if helpful rate

0 Helpful

Jigar Dave
Level 3
Level 3

‎10-14-2012 08:09 AM

Hi each in, you have pasted all project tasks assigned to this project here publicly, this shouldn't be a good practice though. I am just wondering you are the design engineer of this project or this is something you don't know? Have your organization hire Cisco consultant for this project or you are the consultant yourself?


Sent from Cisco Technical Support iPad App

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to Jigar Dave

‎10-14-2012 01:21 PM

Jigar,

this is Cisco's Support community forums where people can ask and discuss questions for real world cases and for learning too

and it is not necessarily need to be a best practice "what you called it" or an officail answer from cisco

Regards,

0 Helpful
Customers Also Viewed These Support Documents