Two Sites - (2) Cisco 2811 + (1) PIX 501, upgrading Internet Service

  • Two Sites - (2) Cisco 2811 + (1) PIX 501, upgrading Internet Service

    Hello:

    I have two sites currently using an MPLS network to bridge the two 2811 routers together. One site has DSL internet running through the PIX, sharing internet to both sites [MPLS is connected to T1 WIC on both routers, PIX connects to one router's LAN ports]. Obviously, due to today's technology, this is a slow connection and we are preparing to upgrade.

    So - we are moving both sites to Cable Internet from the DSL. My question is, can the (2) 2811 routers be configured to talk to each other over VPN using static IPs from the Cable providers to allow both phones and data to flow between the sites?

    - Both sites will have independent phone lines already connected and configured inside 2811, with all phones already set and working.
    - Main concerns are the two offices being able to transfer calls seamlessly between each other and access network shares from Server & printers.

    The PIX may be obsolete if the 2811's can handle the tasks, or we may need to add an additional PIX at the second site to perform the VPN.

    Looking for advice/suggestions on this configuration.

    Thanks!

  • #2
    Re: Two Sites - (2) Cisco 2811 + (1) PIX 501, upgrading Internet Service

    If the 2811's have the advsecurity image then you should be okay. You have statics, which is good as well for both sites. So are you keeping the MPLS in place or is that going away? How many phones? What type, etc.? Also I would do a VTI based VPN between sites. This way you get a routable interface for routing protocols and an interface you can apply QOS to. What type of bandwidth can your cable provider provide? You could also run Zone Based Firewall instead of the PIX. Optimal solution would be to run ASAs in front of the routers. Depending on how many users at each site, you may be able to get away with a 5505 for each site and just keep the VPN terminated between the routers, as the ASA doesn't support VTI VPNs.
    Last edited by auglan; 4th April 2012, 13:30.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    • #3
      Re: Two Sites - (2) Cisco 2811 + (1) PIX 501, upgrading Internet Service

      Not sure on image for 2811's.

      Plan is to drop the MPLS because it is the most expensive part of the connection, and slowest - $1k/month and only 1.5 Mbps.

      Current bandwidth will be 18 down, 2 Up on 1 site, and 12/2 at other, with options to increase up to 100/10 (with a price increase).

      There are only 6 users at one site, and 4 at other, so starting off low to see if it will be sufficient. There are about 14 phones total, split between the two locations, and they are Cisco IP 7941.

      • #4
        Re: Two Sites - (2) Cisco 2811 + (1) PIX 501, upgrading Internet Service

        You don't have a whole lot of phones right now so bandwidth should be okay. You will need to check your latency once the VPN is established, as voice traffic is very delay sensitive. I would still put a QOS policy in place though to prioritize your voice traffic. Like I said, the benefit of a VTI based VPN is a routable interface where you can apply policy to.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)
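
A sketch of the VTI-plus-QoS setup recommended in replies #2 and #4, for one of the two 2811s (an added example, not a configuration posted by anyone in the thread). The public addresses, tunnel and LAN subnets, interface name, key placeholder, DSCP markings and shaping rate are assumptions chosen for illustration; the rate sits just under the 2 Mbps upload figure quoted in #3.

```cisco
! Site A 2811. Needs a crypto-capable image (the advsecurity image from reply #2).
! Assumed addressing: Site A WAN 203.0.113.10, Site B WAN 198.51.100.20 (documentation ranges).
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 ! group 14 needs an image that supports it
 group 14
! Placeholder key: use a long random value and restrict it to the peer's static IP
crypto isakmp key REPLACE_WITH_LONG_RANDOM_PSK address 198.51.100.20
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
 set pfs group14
!
! Assumes the phones mark RTP as EF and call signalling as CS3
class-map match-any VOICE-RTP
 match ip dscp ef
class-map match-any VOICE-SIGNAL
 match ip dscp cs3
!
! Child policy: low-latency queue for voice, fair queueing for everything else
policy-map VOICE-LLQ
 class VOICE-RTP
  priority percent 33
 class VOICE-SIGNAL
  bandwidth percent 5
 class class-default
  fair-queue
! Parent policy: shape below the cable upload rate so queueing happens on the
! router, where the voice priority queue can act on it
policy-map SHAPE-TO-UPLINK
 class class-default
  shape average 1800000
  service-policy VOICE-LLQ
!
! The routable tunnel interface: carries routes and the QoS policy
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.20
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
 service-policy output SHAPE-TO-UPLINK
!
! Assumed Site B LAN; a routing protocol on Tunnel0 could replace this
ip route 192.168.20.0 255.255.255.0 Tunnel0
```

Site B mirrors this with the peer address, tunnel IP and static route reversed. `show crypto ipsec sa` and `show policy-map interface Tunnel0` confirm that traffic is being encrypted and that voice packets are landing in the priority class.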