
Company Merger - MPLS and SD-WAN

vakas10
Level 1

Hello All,

Our company (Company A) recently acquired another company (Company B). I am responsible for coming up with a design solution for the merger process. Company A is using an MPLS network with all the sites and has Checkpoint firewall solutions in place. Company B is mostly connected using IPSec VPNs and has a mix of firewall solutions (Sonicwall, ISA, ASA, Mikrotik etc). The ideal and desired solution is to connect the many sites of Company B using SD-WAN. However, I am not very experienced with the merger process and this is a first-of-a-kind task for me. Hence, I need a lot of help from you guys.

 

Can you please tell me how I should proceed? What is a good SD-WAN solution? Is it possible to connect an MPLS network and an SD-WAN network? Which firewall solutions should be implemented in the merger? Please also share any other important points which I should keep in mind.

 

Regards!

Accepted Solutions

Philip D'Ath
VIP Alumni

Cisco Meraki is particularly good for this - but it would mean putting an MX into every site ...

https://meraki.cisco.com/products/appliances

It can support both MPLS and Internet based VPN using SDN at the same time.

 

The two major methods of deploying in your scenario are:

https://documentation.meraki.com/MX-Z/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

For the Internet only sites using VPN you would use AutoVPN:

https://meraki.cisco.com/technologies/auto-vpn

 

 

You should get a Cisco partner involved for a project of this complexity.




Thank you for your reply. I have one question regarding the Cisco Meraki MX. If I use, for instance, an MX100 at the network edge, will it be able to perform all the FW/IPS/AV etc., or should I have a Layer 3 switch below it?

 

 

Use a layer 3 switch if you need wire rate forwarding of traffic between VLANs.  If you don't need this then you can do any routing on the MX.

Ok. One more thing: can the firewall capabilities of MX devices match ASA or Checkpoint standards? My company is currently using Checkpoint (2200, 4200) so it will be a hard sell to go against that for new locations.

Francesco Molino
VIP Alumni

Hi

 

The Cisco IWAN solution could be a fit:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2017/CVD-IWANDeployment-APR17.pdf

 

As Philip said, Meraki is a perfect fit as well.

 

As you'll need to have a device at each location, the Meraki solution will be cheaper.

 

In terms of firewall, I would go with FTD on Firepower or ASA appliances. The exact model will be based on your needs.

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you for your reply. 

What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that? 

robmiller
Level 1

What should be the key selection point in this case while selecting a firewall? MX devices are capable of stateful firewall as well, why not use that?
