Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

3170
Views
20
Helpful
6
Replies
Highlighted
vakas10
Beginner
Beginner
‎01-17-2018 01:05 PM
‎01-17-2018 01:05 PM

Company Merger - MPLS and SD-WAN

Hello All,

Our Company (Company A) recently acquired another company (Company B). I am responsible to come up with a design solution for the merger process. Company A is using MPLS network with all the sites and has Checkpoint firewall solutions in place. Company B is mostly connected using IPSec VPNs and has a mix firewall solutions (Sonicwall, ISA, ASA, Mikrotik etc). The ideal and the desired solution is to connect the many sites of Company B using SD-WAN. However, I am not very experienced with the merger process and this is first of a kind task for me. Hence, I need a lot of help from you guys.  

 

Can you please tell me how should I proceed? What is a good SD-WAN solution? Is it possible to connect MPLS network and SD-WAN network? Which firewall solutions should be implemented in the merger? Please also share any other important point which I should keep in mind.

 

Regards!

Labels:
Everyone's tags (6)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Philip D'Ath
Advisor
Advisor
‎01-17-2018 05:40 PM
‎01-17-2018 05:40 PM

Re: Company Merger - MPLS and SD-WAN

Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...

https://meraki.cisco.com/products/appliances

It can support both MPLS and Internet based VPN using SDN at the same time.

 

The two major methods of deploying in your scenario are:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

For the Internet only sites using VPN you would use AutoVPN:

https://meraki.cisco.com/technologies/auto-vpn

 

 

You should get a Cisco partner involved for a project of this complexity.

View solution in original post

Reply
6 REPLIES 6
Highlighted
Philip D'Ath
Advisor
Advisor
‎01-17-2018 05:40 PM
‎01-17-2018 05:40 PM

Re: Company Merger - MPLS and SD-WAN

Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...

https://meraki.cisco.com/products/appliances

It can support both MPLS and Internet based VPN using SDN at the same time.

 

The two major methods of deploying in your scenario are:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

For the Internet only sites using VPN you would use AutoVPN:

https://meraki.cisco.com/technologies/auto-vpn

 

 

You should get a Cisco partner involved for a project of this complexity.

View solution in original post

Reply
Highlighted
vakas10
Beginner
Beginner
‎01-22-2018 01:00 PM
‎01-22-2018 01:00 PM

Re: Company Merger - MPLS and SD-WAN

Thank you for your reply. I have one question regarding the Cisco Meraki MX. If I use, for instance, MX100 at the network edge, will it be able to perform all the FW/IPS/AV etc or should I have a Layer 3 switch below it? 

 

 

0 Helpful
Reply
Highlighted
Philip D'Ath
Advisor
Advisor
‎01-22-2018 01:08 PM
‎01-22-2018 01:08 PM

Re: Company Merger - MPLS and SD-WAN

Use a layer 3 switch if you need wire rate forwarding of traffic between VLANs.  If you don't need this then you can do any routing on the MX.

Reply
Highlighted
vakas10
Beginner
Beginner
‎01-22-2018 01:21 PM
‎01-22-2018 01:21 PM

Re: Company Merger - MPLS and SD-WAN

Ok. One more thing, Can the firewall capabilities of MX devices match ASA or Checkpoint standards? My company is currently using Checkpoint (2200, 4200) so it will be a hard sell to go against that for new locations. 

0 Helpful
Reply
Highlighted
Francesco Molino
VIP Advisor VIP Advisor
VIP Advisor
‎01-17-2018 07:03 PM
‎01-17-2018 07:03 PM

Re: Company Merger - MPLS and SD-WAN

Hi

 

Cisco iWan solution could be fit:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2017/CVD-IWANDeployment-APR17.pdf

 

As Philip said, Meraki as well is perfect fit.

 

As you'll need to have a device on each location, Meraki solution will be cheaper.

 

In terms of firewall, i would go with FTD on firepower or ASA appliances. The exact model will based on your needs.

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Reply
Highlighted
vakas10
Beginner
Beginner
‎01-22-2018 01:03 PM
‎01-22-2018 01:03 PM

Re: Company Merger - MPLS and SD-WAN

Thank you for your reply. 

What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that? 

0 Helpful
Reply
Latest Contents
A beginner question
Created by ezhilcharu on 07-03-2020 09:13 AM
3
0
3
0
QuestionWhat is module number ? i.e. the 0 in 0/1Answer 
Capture the Flag is going virtual! Networking missions star...
Created by dbrittin on 07-03-2020 06:09 AM
0
0
0
0
Game on! As a part of Cisco Live US auxiliary programs, we invite you to learn new technologies and obtain hands-on experience in a fun way by playing Capture the Flag (CTF). Your mission: solve interesting challenges based on use-cases, technologies and ... view more
IPv6 on cellular connection on Cisco 1111
Created by kasper123 on 07-03-2020 03:28 AM
0
0
0
0
Hi,I'm trying to setup a cellular connection on my Cisco 1111 router.The interface is UP and it gets a private IPv4 and a public IPv6 address.If I try to send something on IPv4 through the cellular interface it works fine.But there seems to be an issue wi... view more
Group-Based Policy Analytics Deployment Guide
Created by jeaves@cisco.com on 07-02-2020 02:54 AM
0
0
0
0
  For an offline or printed copy of this document, simply choose ⋮ Options > Printer Friendly Page. You may then Print, Print to PDF or copy and paste to any other document format you like.   Jonothan Eaves      Que... view more
Is your WAN ready for a multicloud transformation?
Created by gajewell on 07-01-2020 11:00 PM
0
0
0
0
Is your WAN ready for a multicloud transformation? Network Insider Live Webinar Tuesday, July 21, 2020 10:00 am Pacific Time (San Francisco, GMT-08:00) This webinar will show how convergence between SD-WAN and Security is emerging as important new SASE a... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community May 2020 Spotlight Award Winners
Follow our Social Media Channels