Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
10
Helpful
8
Replies

DESIGN GUIDE FOR SETTING UP A BRANCH TO HQ NETWORK

Christopher Kofon
Level 1
Level 1

‎02-10-2020 01:34 PM

Hi Everyone.

 

I've been tasked to design and build a network for an organization with 5 - 10 locations connecting to a central head office. The head office will house a modest data center that will have applications/servers providing services to the branch locations. I plan to use Cisco routers and switches. What I wanted to know is if there is a design guide I could use because I intend to employ all of Cisco's networking best practices. I know there are CVPs but the ones I have seen beyond what I had in mind.

 

Any assistance with the guide is appreciated.

0 Helpful
8 Replies 8

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-10-2020 01:46 PM

If you've never done this before I strongly recommend getting a system integrator involved.
0 Helpful

Christopher Kofon
Level 1
Level 1
In response to Leo Laohoo

‎02-11-2020 12:36 AM

Hi Leo.

 

Thank you for your comment. I can see why you say I should involve a system integrator. However, I have done similar jobs and completed tasks just like the one I am trying to do. I have set up VPNs  between branches and their head office using Cisco routers as well as configured ASAs and Catalyst switches to do just what I have been tasked with. Why I am asking for a guide is probably because I would like to have some sort of reference to help ensure everything is done properly to know I am doing it right. Everything I have done in the past has worked just as I had planned. So I possibly am looking for some kind of validation. I have colleagues that do help with configuration and providing advice on how to get the job done, but I wanted to get other resources that is why I asked if there is a guide I could use. 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Christopher Kofon

‎02-11-2020 12:45 AM

There is no such thing as a "one guide" because it is not a "one size fits all".

There are several different guides, like Cisco Guide to Harden Cisco IOS Devices, that will only provide guidance into one slice. 

You'll need to find each individual guide for FW, wireless, voice, etc and them amalgamate them into one.

Georg Pauwen
VIP
VIP
In response to Christopher Kofon

‎02-11-2020 12:57 AM

Hello,

 

based on what you say your experience is, in my opinion, you should very well be able to plan, design, and implement this yourself. Your best option is probably a mGRE DMVPN, which is easy to implement and expand (such as the one depicted in Figure 2-5 of the attached document).

 

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Branch/BRBranch/BRBranch/BRB_CH2.html#wp1039286

 

Do you have the hardware selected already ? If not, what is the size (number of users and bandwidth necessary) of your head and branch office ? It all depends on your budget obviously, but for the HQ, you could use the ASR1K, for the branches the ISR1K and Catalyst 9K switches.

Christopher Kofon
Level 1
Level 1
In response to Georg Pauwen

‎02-11-2020 05:06 AM

Thank you Georg Pauwen

 

I planned to use GRE over IPSec for branch connectivity to the data center. Branches have an average of 20 - 30 users for the smaller locations and 40 - 80 for the bigger locations. Our links are between 2 - 5mbps. We may consider upgrading the bigger branches to 10mbps. I have ISR2900 and 4300 routers in the branches with 2960 switches. The data center will have an ISR4431, with Catalyst 2960 and 3850 switches. 

 

Thanks for the document you suggested. I will use this and the one Leo Laohoo recommended to implement my build. If you have any more pointers or recommendations, documents or tips, I would be very grateful.

0 Helpful

Georg Pauwen
VIP
VIP
In response to Christopher Kofon

‎02-11-2020 05:43 AM

Hello,

 

how are you sites currently connected ? The advantage of using MPLS and DMVPN is that your branches talk to each other directly...unless that is something you do NOT want, of course...

 

Other than that, your current equipment is more than sufficient, especially since your links are very low speed.

0 Helpful

Christopher Kofon
Level 1
Level 1
In response to Georg Pauwen

‎02-12-2020 04:43 AM

Our sites are connected mostly through point to multi-point links via our service providers and they are not necessarily MPLS links. We haven't really considered DMVPN, we would prefer to have each site/link come over to the ISR4431 data center network through individual GRE tunnels and then use EIGRP to advertise routes. We may consider moving over to MPLS or a situation where our branches can talk to each other, especially if we want to deploy local IP telephony and video conferencing systems in each branch but now being able to talk to the data center from the branches is the main requirement.
Thank you very much for your help Georg Pauwen. I do feel a lot more settled having received your input. I will let you know how the deployment goes.
All the best.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-10-2020 02:22 PM

agree with @Leo Laohoo , Ask yourself do you have the expertise that can take the business risk.

 

Suggest to contact Cisco SE, Partner, GOLD Partner can help you build one for you.

 

Cisco has many CVD, but putting all together and make Bill of Material a big task along with the implementation plan.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card