01-17-2018 01:05 PM - edited 03-08-2019 05:31 PM
Hello All,
Our company (Company A) recently acquired another company (Company B). I am responsible for coming up with a design solution for the merger process. Company A is using an MPLS network with all the sites and has Checkpoint firewall solutions in place. Company B is mostly connected using IPSec VPNs and has a mix of firewall solutions (Sonicwall, ISA, ASA, Mikrotik etc.). The ideal and desired solution is to connect the many sites of Company B using SD-WAN. However, I am not very experienced with the merger process and this is a first-of-a-kind task for me. Hence, I need a lot of help from you guys.
Can you please tell me how I should proceed? What is a good SD-WAN solution? Is it possible to connect an MPLS network and an SD-WAN network? Which firewall solutions should be implemented in the merger? Please also share any other important points which I should keep in mind.
Regards!
01-17-2018 05:40 PM
Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...
https://meraki.cisco.com/products/appliances
It can support both MPLS and Internet-based VPN using SDN at the same time.
The two major methods of deploying in your scenario are:
https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS
For the Internet-only sites using VPN you would use AutoVPN:
https://meraki.cisco.com/technologies/auto-vpn
You should get a Cisco partner involved for a project of this complexity.
01-22-2018 01:00 PM
Thank you for your reply. I have one question regarding the Cisco Meraki MX. If I use, for instance, MX100 at the network edge, will it be able to perform all the FW/IPS/AV etc or should I have a Layer 3 switch below it?
01-22-2018 01:08 PM
Use a layer 3 switch if you need wire-rate forwarding of traffic between VLANs. If you don't need this then you can do any routing on the MX.
01-22-2018 01:21 PM
OK. One more thing: can the firewall capabilities of MX devices match ASA or Checkpoint standards? My company is currently using Checkpoint (2200, 4200), so it will be a hard sell to go against that for new locations.
01-17-2018 07:03 PM
Hi
The Cisco IWAN solution could be a fit:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2017/CVD-IWANDeployment-APR17.pdf
As Philip said, Meraki is a perfect fit as well.
As you'll need to have a device in each location, the Meraki solution will be cheaper.
In terms of firewall, I would go with FTD on Firepower or ASA appliances. The exact model will be based on your needs.
01-22-2018 01:03 PM
Thank you for your reply.
What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that?
03-10-2022 10:57 AM - edited 03-10-2022 10:58 AM
What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that?