09-07-2012 05:32 PM
Hello guys
I need to borrow some brain cycles of yours. Your ideas are welcomed.
We are getting a "hand me down" network which is a mess. We get to replace some other brand routers with Ciscos SMBs which we like.
The Topology
Physically:
It's a large, large leveled construction site (several acres). There are 4 small offices around a central headquarters office. Each is around 5 miles line of sight to the headquarters.
Logically:
What we need/want.
Use the local office's own ADSL ISP link for internet, use the point to point link to the headquarters, for software and VoIP.
Keep it simple to manage.
Please suggest which equipment you would use and/or your suggested setup. We have a local access point at each office for local WiFi, so WiFi on the router is not needed.
All ideas, comments and suggestions are greatly welcomed. Have a nice weekend.
09-07-2012 07:32 PM
Hi Alejandro,
I'm not sure if you're looking for only routers or other equipment. For the main site, I think I'd recommend a SA540. For the branch sites, I would go with RV042G.
This should give you good VPN flexibility to all sites and enough processing juice for future expansion.
If you can give more specifics for the site needs such as VPN, VLAN, etc., I can probably offer more in-depth detail. But off what you're saying here, this would be a decent implementation.
-Tom
Please rate helpful posts
09-08-2012 09:22 AM
Hello Thomas, thanks for the quick reply
Actually it's quite simple, we don't have special requirements, nor do we want to create them. No VPN for remote users, no VLAN, VoIP traffic coexists with the little data traffic. The LAN is 10/100, not even giga.
I like the models you suggest, you have good taste, those are the nice ones.
Could we step down to maybe the RV082 and RV016?
How would you connect the ADSL and P2P link? In the WAN ports? Or VPN to headquarters?
That's the part we want to define first.
thanks!
09-08-2012 10:02 AM
Alejandro, the p2p links can go to the WAN ports since the router will NAT the connection anyway. The RV082 and RV016 are also very cool products. The RV016 has up to 7 WAN connections and a dedicated DMZ port. The firmware code for the RV0xx is very stable and quite mature since these routers have been out "forever". The SA540 I think is a great implementation for the main site for the simple fact: 25 SSL VPN users, dual WAN feature, and it will be able to support hub sites if you choose site to site VPN and remote users.
Although your immediate needs do not dictate things such as VPN, it should be one of your heaviest considerations. A VPN and the ability to work remote will save you a headache at some point or may even allow you an extra day off if you just needed to do a short task. The other benefit is making the SA540 the central location; having RV0XX connecting in to this, the site to site tunnels will work beautifully so you don't have to mess around with RDP or other features unless you choose to.
With the extra ports of a SA540 and the RV082/RV016, that should also reduce your equipment overhead. Obviously, if each site has less than 15 users, the RV016 is the only equipment needed aside from maybe an AP connection.
-Tom
Please rate helpful posts
09-09-2012 09:05 AM
I agree with the rv units, we have several working, and we feel comfortable with them. That's why I mentioned them.
So if we went with RV016 for HQ, we could use its 7 WAN ports to receive the p2p links from the other offices, and run VPN site to site on those, and use the spare WAN ports for ISP?
Then we would configure the ISP on, say, WAN1 of each RV082 and the p2p link on WAN2 and do VPN site to site to the RV016?
Local internet traffic would leave each office via its ISP WAN, and VoIP would travel over the site to site VPN?
Is this theoretically correct?
Thanks for the suggestions. Much appreciated.
Sent from Cisco Technical Support iPad App
09-09-2012 09:30 AM
The site to site tunnels will be split tunnel, meaning local internet requests use the router WAN. VPN traffic will of course use the tunnel. For IPsec VPN to work, each site needs a different LAN IP address. In a usual peer to peer connection, each device has the same subnet. This is where your challenge can be. If all hub sites are the same LAN scheme, VPN won't be possible.
Could you provide a diagram with IP scheme and the actual proposal? I'd hate to eat my own foot.
-Tom
Please rate helpful posts
09-09-2012 09:10 PM
It's a makeover, we can have any IP ranges we want.
I understand the IPsec requiring separate IPs, don't love the idea .. but
How would you do it peer to peer with the same subnet?
Having everyone on say, 192.168.1.X would be nice.
But how do you make the local routers act as gateways on the remote offices, and send the VoIP and software data over the air links?
thanks all ideas appreciated.
09-10-2012 08:03 AM
Alejandro, the RV042 supports transparent bridge on the second WAN interface. This can connect all segments on the same LAN. The VOIP traffic I don't think is of any concern since you should specify the PBX/TFTP as a private IP anyway, it won't have a choice but to stay on the LAN.
-Tom
Please rate helpful posts
09-10-2012 11:24 AM
Hello
My question is, which is the main DHCP server and gateway?
If we enable DHCP and gateway on headquarters, and link a location B via a LAN to LAN port, and location B also has a DHCP server running, it's going to make a mess, right?
Linking via WAN2 ports
http://screencast.com/t/uDWqTYHRZx
Linking via LAN ports
http://screencast.com/t/dau8a3Ui68uV
Which is the best way?
I would love to stick to RV016 and 82 if it is possible, will consider an alternative if it is not.
All pointers appreciated.
09-10-2012 01:44 PM
Hi Alejandro, if making the LAN to LAN connection, it does make a mess. But a way to work around this is STATIC DHCP. On the DHCP Setup, you can bind an IP address to a MAC address. You can make all different locations a different DHCP scope within the same subnet. This should prevent overlapping DHCP scopes while providing the correct default gateway to use the internet.
Reference the image below. I have tested this in my lab.
The central router, I provided it 30 IP addresses for the LAN DHCP. How this works is kind of neat. Let's say all hub sites are set up as below. You have a controlled number of users for each site and no expansion expected to use each local WAN. Set up static DHCP for all devices expected to connect and make the DHCP scope to fit ONLY that number of clients at the hub sites.
The trick here is that, anyone that DOES NOT have static DHCP set up will obtain DHCP from the central site and use the central site internet connection. You can manipulate this any way you want, but this is how I set it up, tested and saw that it is pretty cool. But you MUST be extremely careful, if your DHCP at any site is more than the static DHCP you will have the disaster of multiple DHCP on the same LAN.
-Tom
Please rate helpful posts
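The shared-subnet DHCP layout described in the post above can be checked on paper before any router is configured. The following is an added example, not part of the original thread and not Cisco tooling: the function names, site names, addresses and MAC addresses are all constructed for illustration, and it assumes one bridged /24 with a central site whose pool is allowed to serve unreserved clients.

```python
import ipaddress
from itertools import combinations

def pool_range(site):
    """Return (first, last) of a site's DHCP pool as integers."""
    first, last = (int(ipaddress.ip_address(a)) for a in site["pool"])
    if first > last:
        raise ValueError("pool start is after pool end")
    return first, last

def audit_plan(subnet, central, sites):
    """Return a sorted list of problems in a shared-subnet DHCP plan."""
    net = ipaddress.ip_network(subnet)
    problems = []
    for name, site in sites.items():
        first, last = pool_range(site)
        size = last - first + 1
        if not all(ipaddress.ip_address(a) in net for a in site["pool"]):
            problems.append(f"{name}: pool outside {net}")
        if first <= int(ipaddress.ip_address(site["gateway"])) <= last:
            problems.append(f"{name}: gateway inside its own pool")
        bound = [int(ipaddress.ip_address(ip)) for ip in site["static"].values()]
        if any(not first <= ip <= last for ip in bound):
            problems.append(f"{name}: static binding outside pool")
        # Branch pools must hold only reserved clients; spare leases would
        # answer unknown devices and compete with the central DHCP server.
        if name != central and size > len(bound):
            problems.append(f"{name}: {size - len(bound)} unreserved lease(s)")
    for (a, sa), (b, sb) in combinations(sites.items(), 2):
        (a1, a2), (b1, b2) = pool_range(sa), pool_range(sb)
        if a1 <= b2 and b1 <= a2:
            problems.append(f"{a}/{b}: pools overlap")
    return sorted(problems)

# Constructed sample plan (addresses and MACs are made up for illustration).
SAMPLE = {
    "hq": {"gateway": "192.168.1.1", "pool": ("192.168.1.100", "192.168.1.129"), "static": {}},
    "office-a": {"gateway": "192.168.1.2", "pool": ("192.168.1.10", "192.168.1.11"),
                 "static": {"00:00:5e:00:53:01": "192.168.1.10", "00:00:5e:00:53:02": "192.168.1.11"}},
    "office-b": {"gateway": "192.168.1.3", "pool": ("192.168.1.11", "192.168.1.13"),
                 "static": {"00:00:5e:00:53:03": "192.168.1.12"}},
}

if __name__ == "__main__":
    for line in audit_plan("192.168.1.0/24", "hq", SAMPLE):
        print(line)
```

The sample plan deliberately contains both failure modes: a branch pool larger than its reservations and two branch pools that share an address.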