Product Selection Help - Home office based micro company

ArnieC
Just browsing

First of all, I am not a network administrator and security guru, just a small business owner with a distributed network who needs help in figuring out which devices to place where.

We are a micro company with 3 offices located in private homes. One in UK and 2x in Florida, USA. We currently also have a hosted server at UKFast in the UK. We have subcontractors connecting to our WAN via VPN. We currently have an expired SonicWALL TZ400 in the main home office in the US (US1) and an old Netgear router in the UK (UK1) with site-to-site VPN connectivity between US1 and UK1. The US2 office connects with the US1 office via client VPN.

Both the US1 and UK1 offices have a VMware ESXi Host Server, with the vSphere Server managing the hosts located in the US1 office. Domain Controllers for Active Directory are located on both US1 and UK1 host servers, with a completely separate DC and network for the servers hosted at UKFast. Production workloads exist on US1 Host and UKFast.

I know having production workloads on VMware host servers sitting in our homes is not ideal; that is an entirely different topic and on the radar to address in the not too distant future.

We frequently connect with various different client VPNs using a variety of different VPN clients as made available by our customers while we work on software implementation projects. We often connect back to the home offices via client VPN while traveling. 

All the offices are in private homes with Static IP Addresses.
All the offices have some form of WiFi for both personal and business use.

I need assistance with selecting the right mix of products to support:
  • Site-to-Site VPN between the sites
    - US1 <--> UK1
    - UK1 <--> UKFast
    - US1 <--> UKFast
    - US2 <--> US1 (optional, can also use Client VPN)
    - US2 <--> UKFast (optional)
  • Consider separation of company and private home networks
  • Advanced Security at Internet exposed nodes.

BrechtSchamp
Kind of a big deal

Does UKFast allow you to install network equipment? If you're allowed to do that I'd just put MX's in every location and leverage AutoVPN to establish connectivity between all of them. Take a look at the sizing guide to determine the models you would need:

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

For the clientVPN you can use one (or several) of the MXs. The disadvantage here is that Meraki doesn't have their own VPN client. Setup of client VPN can be a bit fiddly:

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

You can use VLANs to separate home and corporate networks and if you need more ports than what is present on an MX, just add some switches to the network (MS120 would probably be sufficient, or MS210 if you want basic L3 features for even more segmentation). Same with Wi-Fi, just add some access points (a couple of MR33's is what I'd probably go for in your case).

Regarding the security features. If you need advanced security (IDS/IPS, AMP, Content Filtering, Geobased Firewalling) then keep in mind you need to buy that license level for all networks (all MXs) in your organization.

 

Hope that helps!

I've not used a vMX100 (virtual MX security appliance), however, the situation described above sounds as if it might be a possible option, as far as UKFast is concerned. So physical and virtual appliances interact.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

UKFast would not allow personal equipment but they do support IPSec VPNs. Is this where the VMx would come into play? We have two virtual servers at UKFast, a SQL Server and a Windows Application server. Would VMx run on the Windows Application server?


@ArnieC wrote:

UKFast would not allow personal equipment but they do support IPSec VPNs. Is this where the VMx would come into play? We have two virtual servers at UKFast, a SQL Server and a Windows Application server. Would VMx run on the Windows Application server?


UKFast offers AWS and Azure solutions.

A virtual MX is deployed on an AWS EC2 instance or an Azure VM and then configured in the Meraki dashboard, just like any other MX. It functions like a VPN concentrator. Product Overview

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

timeshimanshu
Getting noticed

@BrechtSchamp well described, this is the possible solution. Additionally, with Meraki Auto VPN you can also choose which networks you want to allow to communicate between your offices US1 <--> UK1. I think an L3 switch is not required here; you can perform the L3 routing at the MX, depending upon your end device count.
