Messages - michael_antony

#1
Hi friends,

I need to buy a multi-WAN router with VPN, to create a site-to-site VPN (and possibly client-to-site VPN later).
At first I wanted to buy the Linksys LRT224 (using IPSec, dual gigabit WAN failover), which from what I've seen is a good solution and easy to configure (provides a simple UI). But all online stores in my country are out of stock.

So I've been looking at other options (range 200$-300$); at first I looked at the TP-LINK ER6120 / ER7206. But I'm still confused between the two, because I think the ER7206 has better specs but a cheaper price. I also looked at some of the Ubiquiti line of products, but from what I read the configuration uses the command line.

I need your advice on this: what do you think is the better option? Or if you have another WAN router with VPN to recommend, it would be helpful. (I am new to networking, so I probably need a recommendation for a router that is easy to set up.)

*The requirement of the VPN is for a small to medium company with 50 - 100 concurrent users, mainly for file sharing and software network licenses (CAD, SolidWorks).

Best Regards,
Antony
#2
Hi Otanx,
Thanks for your response.

Quote from: Otanx on April 13, 2022, 08:33:57 AM
At a high level the plan seems fine. A lot of companies do VPNs over the internet instead of paying for dedicated circuits.
Can you explain what you mean by high level? Do you mean the experience of the network engineer (or team and such)?

Quote from: Otanx on April 13, 2022, 08:33:57 AM
If it will work in your case is dependent on your requirements, and quality of internet.
So I should first get the correct requirements of the current network? (Does this include throughput, bandwidth, usage, etc.?)
Do you have a suggestion on what and how I should measure to get the correct requirements before moving to the VPN over internet?

Quote from: Otanx on April 13, 2022, 08:33:57 AM
We don't know what base of knowledge you are starting with.
Honestly I don't have any experience in networking. I have some knowledge of basic networking from school, though it was years ago.
#3
Hi deanwebb,
Thanks for your response.

I already have a plan to migrate the on-prem ERP app to the cloud as well.
But I think if I want to move from MPLS, I still need a replacement, because we are using:
- folder sharing between those company sites
- software network licenses (AutoCAD, SolidWorks)
- tax software (this could also be moved to cloud I think)

What do you think of this requirement?
#4
Hi experts,
I need your advice on this.

I was tasked with ditching the MPLS subscription that we use for the connection between 3 main sites, and replacing it with a new solution (budget issue, to minimize the company's OPEX).
Our company has a network configuration on these 3 sites like this below:

1. Site 1 - Head Office (Backbone network and worked as data center)
Start -> ISP
-> (Firewall) device: Cisco ASA 5515-X
-> (Internet Router & WAN Router) devices: Cisco ISR 4331 (2 pcs)
-> 2 Core Switch (Juniper)
-> Users PC -> End
2. Site 2
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Internet Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End
3. Site 3
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End
*Notes: Each site uses a VPN IP (MPLS) service that comes from an ISP provider, to give Site 2 & 3 access to Site 1 server.

4. Sites 4, 5, & 6 (smaller sites)
ISP -> MikroTik router -> Switch -> User
Connected to Site 1 Cisco Router, using VPN tunnel over internet.

My idea is to create a new connection between the 3 main sites using a VPN tunnel over the internet, like sites 4, 5, & 6. What do you think about this plan when it comes to replacing MPLS?

Now the issue I have is, I'm totally new to networking and my boss wants me to learn and do this job.

If you think switching to a multi site VPN is a good move, how long does it generally take to get enough knowledge to do this? And is it necessary to take Cisco certification?

In making the solution, it seems I have to do a simulation first before going to the production router. Is using software such as Cisco Packet Tracer or GNS3 sufficient to simulate the actual configuration, and ensure the configuration is safe to deploy? (Because our company does not have an extra Cisco router to do lab configuration and testing)

Please give me your thoughts on this, or insights or advice, I would really appreciate it.
#5
Hi experts,
I need your advice: what do you think about being asked to replace the current network router and network firewall with another type of router and firewall?
This is more or less a summary of the current network system:

Head Office
Start -> ISP
-> (Firewall) device: Cisco ASA 5515-X
-> (Internet Router & WAN Router) devices: Cisco ISR 4331 (2 pcs)
-> 2 Core Switch (Juniper)
-> Users PC -> End

Branch 1
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Internet Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End

Branch 2
Start -> ISP
-> (Firewall) device: Cisco ASA 5512-X
-> (Router) Cisco ISR 4321
-> 2 Core Switch
-> Users PC -> End

*Notes: Each site uses a VPN IP (MPLS) service that comes from an ISP provider, to give branch office access to Head Office server.

All devices are Cisco, and maintenance and replacement of devices use the services of vendors. The company management wants to save costs by replacing existing devices with other brands, so that maintenance can be carried out by the company's internal IT. They also want to replace the existing VPN IP subscriptions by creating a site-to-site VPN over the internet, implemented on new devices.

Now this is the problem,
I stopped at this task, because I am a software engineer and have very little experience with networking. I was asked to learn from scratch and hopefully can handle the task. Also, none of the IT team understands Cisco at all, so they don't dare touch the devices, let alone do the configuration. Because it's currently being used in production/live operation, it shouldn't experience trouble or downtime.

Please give me your thoughts on this, or insights or advice, I would really appreciate it.

Best Regards,
Antony