(Need a Network Diagram built using the information below)
Network Design Proposal
Business Requirements and Consideration
Recommended WAN transmission speed is 10 Gbps.
Internal LAN is 1 Gbps, sized for the traffic of 20+ employees.
An MPLS secondary network backs up the primary network at all locations with 5 or more employees.
A single router serves both the primary and secondary networks at remote locations.
A solution that accommodates the bandwidth and priority required for data replication traffic between Location A and Location B without interrupting other production traffic.
Accommodate future growth in VoIP traffic on the WAN.
Prioritization of Tier 1 and Tier 2 applications such as ERP, email, and time tracking.
IP Details for LAN and WAN Topologies
Internal static LAN IP address (gateway) is 192.168.0.1.
Addresses 192.168.0.2 to 192.168.0.254 are assigned to hosts dynamically via the DHCP protocol.
Gigabit port capability: at least twenty-four physical RJ-45 ports to support future expansion.
Ethernet cabling and wireless access provide connectivity for the LAN networks.
Reserve one block of addresses for DHCP and a separate block for static addressing.
Use different LAN IP subnets (or different subnet masks) at both ends when configuring a VPN (Virtual Private Network) between sites. Example: if the site you are connecting to uses a 192.168.x.x addressing scheme, use a 10.x.x.x or 172.16.x.x subnet locally, so that if a site's addressing changes, the DHCP clients automatically pick up addresses in their own, non-overlapping subnet.
Implement a centralized policy by configuring a hub-and-spoke topology, enabling the hub to communicate with all spoke sites. Note: spoke sites can only communicate with the hub, not with other spoke sites.
Sites A, B, and France will use the Gi0/3 interface of every vEdge router that serves the VPN, running Cisco SD-WAN version 19.3.0.
vEdge routers establish IPsec connections with each other.
3100 Series firewall for medium-sized enterprises, with flexibility for future growth. Performance is enabled by a modern CPU architecture that optimizes firewall, cryptographic, and threat-inspection functions. Platforms can be deployed in firewall mode or dedicated IPS mode. Supports Q-in-Q (stacked 802.1Q VLAN headers in a packet). Also supports FTW (fail-to-wire) network modules.
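The address-plan items above (a gateway at .1, a reserved static block, a DHCP pool, and non-overlapping LAN subnets at VPN-connected sites) can be checked mechanically before any router or DHCP server is configured. The script below is an added example written for this proposal, not part of the original document; the site names and the 10.x/172.16.x subnets for Location B and France are constructed assumptions, as is the choice of reserving the first 32 host addresses for static devices.

```python
import ipaddress

# Constructed site plan (assumption: one /24 LAN per site; only 192.168.0.0/24
# comes from the proposal, the other two subnets are illustrative choices that
# follow its rule of not reusing the 192.168.x.x scheme at the far end of a VPN).
SITES = {
    "Location A": "192.168.0.0/24",
    "Location B": "10.10.0.0/24",
    "France": "172.16.5.0/24",
}

# Hypothetical sizing: how many host addresses after the gateway are kept for
# static assignment (printers, servers, APs) before the DHCP pool starts.
STATIC_RESERVED = 32


def address_plan(cidr, static_hosts=STATIC_RESERVED):
    """Split one LAN subnet into gateway, static block and DHCP pool.

    Returns a dict of plain strings so it can be dropped into a DHCP config
    or a network diagram label. Raises ValueError if the subnet cannot hold
    the requested static block plus at least one DHCP address.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    if len(hosts) < static_hosts + 2:
        raise ValueError(f"{cidr} too small for {static_hosts} static hosts plus DHCP")
    gateway = hosts[0]                      # .1, as in the proposal
    static_block = None
    if static_hosts:
        static_block = (str(hosts[1]), str(hosts[static_hosts]))
    dhcp_pool = (str(hosts[static_hosts + 1]), str(hosts[-1]))
    return {
        "network": str(net),
        "gateway": str(gateway),
        "static": static_block,
        "dhcp": dhcp_pool,
        "dhcp_size": len(hosts) - static_hosts - 1,
    }


def overlapping_sites(sites):
    """Return (site, site) pairs whose LAN subnets overlap.

    Overlapping LANs at the two ends of a site-to-site VPN make routing
    ambiguous, which is exactly the condition the proposal's subnet rule
    is meant to prevent.
    """
    names = list(sites)
    nets = {n: ipaddress.ip_network(sites[n], strict=True) for n in names}
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


def validate_plan(sites, static_hosts=STATIC_RESERVED):
    """Build every site's address plan and report any subnet conflicts."""
    plan = {name: address_plan(cidr, static_hosts) for name, cidr in sites.items()}
    return plan, overlapping_sites(sites)


if __name__ == "__main__":
    plan, conflicts = validate_plan(SITES)
    for name, p in plan.items():
        print(f"{name}: gw {p['gateway']}, static {p['static']}, "
              f"dhcp {p['dhcp'][0]}-{p['dhcp'][1]} ({p['dhcp_size']} addresses)")
    print("overlapping subnets:", conflicts or "none")
```

With `static_hosts=0` the plan reproduces the proposal's own numbers for Location A (gateway 192.168.0.1, DHCP 192.168.0.2 to 192.168.0.254); with the default reservation the DHCP pool starts at .34. Feeding two sites that both use 192.168.0.0/24 returns the pair as a conflict, which is the case the VPN subnet rule above exists to avoid.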
Plan for Remote Access and VPN Usage
Standardized configurations across the network.
Tier 1 provider connections within the US, as VPN connectivity over them appears more stable and available than leased-line circuits from non-Tier 1 providers.
DST (Dynamic Split Tunneling) excludes low-risk browser traffic such as videoconferencing from the VPN tunnel, maximizing VPN efficiency and network performance while lowering costs.
NAS (Network Access Server, or VPN gateway) authenticates the credentials of any device attempting to sign in to the VPN.
Remote devices are equipped with VPN client software.