July 17th, 2015

Strategic Commercial Customer Gets Wireless Upgrade and Global Access Control

A strategic commercial customer was looking to lower their transport costs, improve network agility and minimize datacenter backhaul traffic. In doing so, a substantial number of new perimeter entry points to the enterprise network would need to be securely introduced. The customer was also looking to migrate from their legacy firewall and VPN solution to one that would effectively utilize the new transport. Further, this customer needed to upgrade and optimize their wireless environment and implement a unified global access control solution with centralized management.

Force 3 successfully designed and deployed a global DMVPN and ASA solution for this commercial customer. For the DMVPN piece of this deployment, Force 3 built a remote site standardized configuration to include:

  • Regional and global hub DMVPN connectivity with regional dynamic site-to-site tunnels
  • IOS Firewall enabling secure split tunneling for ScanSafe
  • ScanSafe Cloud Web Security Services for Internet traffic from branch office sites
  • Cisco Security Manager to centralize administration of the new ASA and IOS Firewall security policies
  • Cisco Prime Infrastructure to ease management and deployment of DMVPN routers as well as other network devices
  • Upgraded Cisco Wireless LAN Controllers to provide advanced functionality over legacy environment
  • Cisco Identity Services Engine to provide a unified access policy for wired, wireless, and VPN that addresses global presence while unifying administration and management.

The deployment team was also able to configure and test remote site DMVPN functionality connecting to each regional hub in addition to the accompanying regional sites. With those regions, we successfully tested both global site-to-site and local site-to-site reachability.

Force 3 successfully migrated the customer’s existing CheckPoint firewalls to Cisco ASAs, which involved a plan to convert policy rules and enable site-to-site VPNs in addition to the new DMVPN overlay. Additionally, the team was able to migrate remote access VPNs to the new firewalls while taking into account over 800 policy rules and over 100 NAT translation rules.

In addition, Force 3 deployed Cisco Cloud Web Security, CSM to manage the routers and ASAs to support DMVPN, and Cisco Prime Infrastructure.

Finally, Force 3 also implemented an upgraded wireless infrastructure and access control solution that will eventually provide access security on wired, wireless and VPN networks using one global, centralized policy.

As a result, Force 3 provided a secure next-generation branch solution to minimize transport costs. The security of the new, expanded network perimeter was ensured using a new dynamic internet VPN, firewall services and cloud security. The upgraded wireless infrastructure provides more advanced functionality and additional security. The internal network is being secured using access control on all network access mediums with single-pane-of-glass management for one global policy.