Capgemini Heerlen Site to Site VPN_Network Design V1.1
Infrastructure Design
Capgemini Heerlen
Version control
Version   Date                Short description of changes
1.0       February 25, 2013   Start Report
1.1       May 21, 2013        Updated Document
Name author(s): Bhavik Sheth
Company name: Capgemini Nederland B.V.
Place: Utrecht
Date: February 25, 2013
© 2013 Capgemini. No part of this document may be modified, deleted or expanded by any process or means without prior written approval from Capgemini
Preface / Introduction
This document describes the temporary network solution for the Heerlen site. It describes the site-to-site VPN solution between Heerlen and Utrecht.
Table of Contents
1 Management summary
2 Network Infrastructure
2.1 WAN connection
2.2 Wired network
2.3 IPT
2.4 Wireless Network
3 Layer 2 design
3.1 VLANs
4 Layer 3 design
4.1 Routing
5 Vendor Information
6 Rack details
1 Management summary
This document describes the new infrastructure of the Capgemini Heerlen location. It will be used by the NE ITICS team to build the site-to-site VPN for the Capgemini Heerlen location.
2 Network Infrastructure
The network infrastructure at the Capgemini Heerlen and Utrecht locations for the site-to-site VPN will consist of the following components:
Cisco 3750 (5*), Core switches
Cisco ASA 5520, Site to Site VPN at Heerlen
Cisco ASA 5520, Site to Site VPN at Utrecht
2.1 WAN connection
There is a point-to-point WAN link between the Heerlen and Utrecht sites, which provides the WAN connection for the Heerlen site to connect to the Capgemini ITICS network. The existing WAN link at Utrecht terminates in the M building of Utrecht and will be disconnected due to the building move.
A new Internet link will be connected to the Heerlen site, and a site-to-site VPN tunnel will be established so that Heerlen users can access the Capgemini ITICS network.
2.2 Wired network
The wired access network in Capgemini Heerlen will be the same as the existing network infrastructure.
2.3 IPT
The IPT network in the Heerlen location will be the same as the existing setup, and the VoIP devices will be connected to the access switches.
2.4 Wireless Network
The wireless network in the Heerlen location will be the same as the existing setup, and the following wireless networks will be available:
XS4OFFICE
XS4Guests
XS4Mobile
3 Layer 2 design
The Cisco ASA 5520 will be connected to the Heerlen core switch, and the Internet link will terminate on the Cisco ASA.
The Cisco 3750 stack consists of 5 Cisco 3750-48PS-S switches, whose Fast Ethernet ports provide the access connections.
Interface Fa4/0/46 of the HRLN01-Core switch is connected to the Gi0/0 interface of the Cisco ASA HRLN01VPN.
The Cisco ASA LRC00VPN at the Utrecht location will be connected to the PDC00B-DSTS switches, as shown in the diagram below.
3.1 VLANs
The following VLANs will be used for this setup at both sites.
Heerlen
Device          Interface         VLAN
HRLN01VPN       Inside (Gi0/0)    100
HRLN01VPN       Outside (Gi0/1)   NA
HRLN01S1-Core   Fa4/0/46          100
Utrecht
Device          Interface         VLAN
LRC00VPN        Inside (Gi0/0)    379
LRC00VPN        Outside (Gi0/1)   25
4 Layer 3 design
4.1 Routing
A static route will be configured at the Heerlen site for the site-to-site VPN, and OSPF will be used as the routing protocol at the Utrecht site.
The PDC00S1-Edge switch will advertise the Heerlen subnet 10.37.160.0/20 into OSPF area 0 by redistributing the static route. A static route for the Heerlen subnet (10.37.160.0/20) will be configured on the LRC00F1-int firewall, pointing towards the inside interface of LRC00VPN (10.36.65.169). The site-to-site tunnel will be established between the outside interfaces of the two Cisco ASAs.
All traffic for data center services such as DHCP, DNS and Intranet, as well as Internet traffic, will be tunneled. Heerlen users will use the Utrecht/Amsterdam Internet gateway for Internet access.
The following IP addresses will be used for the respective devices.
Heerlen
Device          Interface         IP Address        VLAN
HRLN01VPN       Inside (Gi0/0)    10.37.160.194     100
HRLN01VPN       Outside (Gi0/1)   195.234.187.34    NA
HRLN01S1-Core   Fa4/0/46          NA                100
Utrecht
Device          Interface         IP Address        VLAN
LRC00VPN        Inside (Gi0/0)    10.36.65.169      379
LRC00VPN        Outside (Gi0/1)   198.184.231.248   25
Layer 3 diagram for the Site to Site VPN between Heerlen and Utrecht is shown below.
5 Vendor Information
A 10 Mbps Internet link is provided by O4S at the Heerlen location. The IP address details for this link and the contact details of O4S are given below.
ServiceDesk: [email protected]
IP range: 195.234.187.32/29
Gateway: 195.234.167.33
Addresses: 195.234.187.34 – 38
DNS resolvers: 91.208.229.208
91.208.229.229
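The addressing values in sections 4.1 and 5 can be checked for internal consistency before they are entered on the ASAs. The following Python sketch is an added example, not part of the original design document; the check_plan function, its labels and the rules it applies are assumptions for illustration, and the addresses are the ones listed above.

```python
import ipaddress as ip

# Values transcribed from sections 4.1 and 5 of this document.
HEERLEN_LAN = ip.ip_network("10.37.160.0/20")
ISP_RANGE = ip.ip_network("195.234.187.32/29")
# (label, address, prefix it must sit in; None where the document states no prefix)
PLAN = [
    ("HRLN01VPN inside", "10.37.160.194", HEERLEN_LAN),
    ("HRLN01VPN outside", "195.234.187.34", ISP_RANGE),
    ("Heerlen ISP gateway", "195.234.167.33", ISP_RANGE),
    ("ISP range first address", "195.234.187.34", ISP_RANGE),
    ("ISP range last address", "195.234.187.38", ISP_RANGE),
    ("LRC00VPN inside", "10.36.65.169", None),
    ("LRC00VPN outside", "198.184.231.248", None),
]
# Static route on LRC00F1-int: destination prefix and next hop.
ROUTES = [(HEERLEN_LAN, "10.36.65.169")]


def check_plan(plan=PLAN, routes=ROUTES):
    """Return a list of (label, problem) tuples; an empty list means consistent."""
    findings = []
    for label, addr, net in plan:
        a = ip.ip_address(addr)
        if net is not None and a not in net:
            findings.append((label, f"{a} is not inside {net}"))
        elif net is not None and a in (net.network_address, net.broadcast_address):
            findings.append((label, f"{a} is not a usable host address in {net}"))
        # Inside interfaces should use private space; tunnel endpoints should not.
        if label.endswith("inside") and not a.is_private:
            findings.append((label, f"{a} is public but labelled inside"))
        if label.endswith("outside") and a.is_private:
            findings.append((label, f"{a} is private but is a tunnel endpoint"))
    for dest, hop in routes:
        # A next hop inside the routed prefix can only be reached through the
        # route itself, so the route would never resolve.
        if ip.ip_address(hop) in dest:
            findings.append((f"route {dest}", f"next hop {hop} lies inside the destination"))
    return findings


if __name__ == "__main__":
    for label, problem in check_plan():
        print(f"{label}: {problem}")
```

Any finding it reports is a mismatch to confirm with the provider or the network team before the build; with the values as listed, it reports that the gateway address does not fall inside the listed /29.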
6 Rack details
The new Cisco ASA will be mounted in the ITICS MER at the Utrecht location, in U 34, as shown below.
The Cisco ASA 5520 will be installed at the Heerlen location, in U 32, as shown below.