Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

3658
Views
20
Helpful
6
Replies
Highlighted
vakas10
Beginner
Beginner
‎01-17-2018 01:05 PM
‎01-17-2018 01:05 PM

Company Merger - MPLS and SD-WAN

Hello All,

Our Company (Company A) recently acquired another company (Company B). I am responsible to come up with a design solution for the merger process. Company A is using MPLS network with all the sites and has Checkpoint firewall solutions in place. Company B is mostly connected using IPSec VPNs and has a mix firewall solutions (Sonicwall, ISA, ASA, Mikrotik etc). The ideal and the desired solution is to connect the many sites of Company B using SD-WAN. However, I am not very experienced with the merger process and this is first of a kind task for me. Hence, I need a lot of help from you guys.  

 

Can you please tell me how should I proceed? What is a good SD-WAN solution? Is it possible to connect MPLS network and SD-WAN network? Which firewall solutions should be implemented in the merger? Please also share any other important point which I should keep in mind.

 

Regards!

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Philip D'Ath
Advisor
Advisor
‎01-17-2018 05:40 PM
‎01-17-2018 05:40 PM

Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...

https://meraki.cisco.com/products/appliances

It can support both MPLS and Internet based VPN using SDN at the same time.

 

The two major methods of deploying in your scenario are:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

For the Internet only sites using VPN you would use AutoVPN:

https://meraki.cisco.com/technologies/auto-vpn

 

 

You should get a Cisco partner involved for a project of this complexity.

View solution in original post

Reply
6 REPLIES 6
Highlighted
Philip D'Ath
Advisor
Advisor
‎01-17-2018 05:40 PM
‎01-17-2018 05:40 PM

Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...

https://meraki.cisco.com/products/appliances

It can support both MPLS and Internet based VPN using SDN at the same time.

 

The two major methods of deploying in your scenario are:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

For the Internet only sites using VPN you would use AutoVPN:

https://meraki.cisco.com/technologies/auto-vpn

 

 

You should get a Cisco partner involved for a project of this complexity.

View solution in original post

Reply
Highlighted
vakas10
Beginner
Beginner
In response to Philip D'Ath
‎01-22-2018 01:00 PM
‎01-22-2018 01:00 PM

Thank you for your reply. I have one question regarding the Cisco Meraki MX. If I use, for instance, MX100 at the network edge, will it be able to perform all the FW/IPS/AV etc or should I have a Layer 3 switch below it? 

 

 

0 Helpful
Reply
Highlighted
Philip D'Ath
Advisor
Advisor
In response to vakas10
‎01-22-2018 01:08 PM
‎01-22-2018 01:08 PM

Use a layer 3 switch if you need wire rate forwarding of traffic between VLANs.  If you don't need this then you can do any routing on the MX.

Reply
Highlighted
vakas10
Beginner
Beginner
In response to Philip D'Ath
‎01-22-2018 01:21 PM
‎01-22-2018 01:21 PM

Ok. One more thing, Can the firewall capabilities of MX devices match ASA or Checkpoint standards? My company is currently using Checkpoint (2200, 4200) so it will be a hard sell to go against that for new locations. 

0 Helpful
Reply
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
‎01-17-2018 07:03 PM
‎01-17-2018 07:03 PM

Hi

 

Cisco iWan solution could be fit:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2017/CVD-IWANDeployment-APR17.pdf

 

As Philip said, Meraki as well is perfect fit.

 

As you'll need to have a device on each location, Meraki solution will be cheaper.

 

In terms of firewall, i would go with FTD on firepower or ASA appliances. The exact model will based on your needs.

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Reply
Highlighted
vakas10
Beginner
Beginner
In response to Francesco Molino
‎01-22-2018 01:03 PM
‎01-22-2018 01:03 PM

Thank you for your reply. 

What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that? 

0 Helpful
Reply
Latest Contents
Cisco Secure Network Access Bridges the Gap
Created by Kelli Glass on 02-26-2021 04:19 PM
0
0
0
0
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience. Learn more about how these w... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b... view more
New Additions to the Catalyst 8000 Family- AMA Event
Created by Cisco Moderador on 02-22-2021 05:26 AM
0
0
0
0
To participate in this event, please use the  button to ask your questions New Additions to the Catalyst 8000 Family This forum is a chance to clarify all your questions related to the Catalyst 8k Family! Designed for an intent-based network, the Ci... view more
Community Live Slides- New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-22-2021 05:16 AM
0
0
0
0
Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had  place on Tuesday 23rd, February 2021 at 10:00 hrs PDT  Designed... view more
Content for Community-Ad

This widget could not be displayed.