kapbrew13 said: Go wireless or are they still teaching you about token ring networks and using 9600 baud modems?
cageybee said: I don't know what class you're taking, but the material seems fabulous... great preparation for the CISSP exam. I'm still studying this stuff myself so I won't be able to give you the best answer, but if you used a private circuit to connect the offices, encryption wouldn't be required. If over the Internet, VPN tunnels provide encryption automatically.
The rest of my degree program are these certification prep classes. Network+, Security+, CISSP, Windows Server 2008 and some others.
I don't think my professor would be very happy if I said that I would configure the routers' and switches' preinstalled firewalls and rely on automatic encryption used during tunneling and that's it.
CoalCracker said: I take it you're putting the switch at layer 3 because it has some routing capabilities? Otherwise I would stay with a layer two since you have a router giving out your DHCP addressing. Now your phone switch and VPN concentrator will have to have a static IP assigned. Your VPN with some type of encryption should protect your data sufficiently. As for preventing outside network access, you'll need a firewall set up. Preferably something like an ASA. You can get them fairly small. I would also look into an MPLS network, especially if your phone system will be running the phones in each location. You can place some QoS on this to prioritize the data. You can do a 1.5 pipe for each satellite, a DS3 for the Home Office. And a simple cable connection for the CEO. No reason he will need a dedicated circuit. Then he can VPN in to the office if need be.
I'd look at OSPF as your routing protocol.
Without knowing your servers and other devices, that's about as much as I can give you. I might not be 100% correct since I just did this quick but it will give you an idea.
CoalCracker said: Any reason you're doing all static for the small office?
MPLS equipment doesn't really differ from your T1 or PRI equipment. Still need some type of CSU. EIGRP should work. I forgot about the hybrid RPs. Now your choice of Layer 3 switches makes more sense. I assumed you were doing a router and a switch at each location. So will your switch have a CSU/DSU built in? You're going to need a way to convert the T1.
jrstacey said: In the real world the telco will provide all the equipment required for MPLS and provide you with a cat 5 cable to plug into your router.
As for routers/firewalls what are you planning on using? Most will do VPN tunnelling and DHCP so that should cover your "satellite" office with secure communication and avoid static IP addressing hell.
Depending on the requirements of the satellite office you might be able to use DSL/cable/wireless. At our large 24x7 processing facilities/terminals we use MPLS but we do have 127 locations that have 2-5M DSL/wireless connections. Some of these sites have 15 - 20 users all coming back to head office over a VPN tunnel.