Facts: 3 sites (same city, same provider), each with Mikrotik RB1200 (ver 5.7). 2 sites overseas, using ISA server.
Current setup is a mesh VPN setup. All sites are connected to each other using PPTP. The 3 sites (same city) are currently using ISA server, which will be replaced by RB1200. I need help with these 3 sites only (I have full access to the ISA servers of sites 4 and 5 also, in case any changes are required there).
Each site (the same-city ones: sites 1, 2, 3) connects to fiber Internet, 100 down/40 up. We need to log in using PPPoE to our provider. We get a dynamic IP with a TTL of approx. 4 hours. We need to update DynDNS every 5 minutes.
The other 2 sites (sites 4, 5) are in a data center and have a pool of static IPs.
I need to (this is for sites 1, 2, 3, which are being replaced with RB1200):
a) Connect each site with SSTP/IPIP/EoIP/MPLS, whichever has the least overhead. IPsec/PPTP/L2TP are throttled by our ISP.
Remember: each site has a dynamic IP. I have a paid DynDNS account, so each site is updated using DynDNS every 2-5 mins. Need to select the best protocol (least overhead, as VoIP is very sensitive; on IPsec it's not usable). If SSTP/IPIP etc. is not possible, PPTP can still be used.
Address assignments of LAN:
Site 1 address = 192.168.10.0/24
Site 2 address = 192.168.60.0/24
Site 3 address = 172.16.0.0/16
b) Give QoS (QoS needs to traverse the site-to-site networks of 1, 2, 3 only, as ISA at sites 4, 5 will ignore it) in the following order:
Everything else low QoS. The sites are 1 Gbps inside, so I am not looking to QoS inside the site. Basically, QoS needs to be implemented when the packet is touching RB1200 (and therefore going out of the site, as RB1200 is on the edge).
c) Connect to ISA servers in Site 3 and Site 4 (using PPTP, as this is the least overhead protocol for VoIP) to sites 1, 2, 3.
d) Connect external WiFi access points (not bought yet; leaning towards Ubiquiti?) to LAN ports of RB1200. Clients connecting to WiFi have to log in using the existing RADIUS server on Windows 2003 (fixed IP in each of sites 1, 2, 3). If they fail to authenticate (timeout), restrict their bandwidth to 128 kbps up / 128 kbps down. We require this because we have phones connecting to our VoIP network as well as guests walking in. I don't want to give bandwidth to them. There is complexity in this, as WiFi clients when connected will get the ISA server as default gateway, and ISA server will strip all QoS?
The following info simplifies a lot of complexities:
a) All sites are self-contained, i.e. NTP, DHCP, default gateway etc. (default gateway is going to be the ISA server in each site, later on switched to Untangle when RB1200 takes over site-to-site routing) are taken care of by existing servers.
b) RB1200 sits at the edge and does only the access to the Internet (log in using PPPoE to ISP) and provides site-to-site.
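The part of question a) that usually bites with IPIP/EoIP on dynamic addresses is that the tunnel's remote-address is a fixed IP, not a hostname, so something has to re-point it whenever the peer's DynDNS record changes. The following is an added RouterOS example for Site 1's RB1200 pointing an EoIP tunnel at Site 2; it is not from the original post or from Mikrotik. The hostname site2.dyndns.example, tunnel ID 12, the 10.255.12.0/30 transport subnet, the placeholder peer address 192.0.2.2 and the interface/script names are all assumptions; the 192.168.60.0/24 LAN is Site 2's address from the post. Because EoIP and IPIP carry traffic unencrypted, the example also limits inbound GRE to the current peer address rather than accepting it from anywhere.

```routeros
# Added example (not from the original post). Run on Site 1's RB1200 (RouterOS v5).
# Hostname, tunnel ID, transport subnet and placeholder peer IP are assumptions.

# One-time setup: EoIP tunnel to Site 2. remote-address is a placeholder that the
# script below replaces with whatever the DynDNS name currently resolves to.
/interface eoip add name=eoip-site2 tunnel-id=12 remote-address=192.0.2.2 comment="to Site 2 (placeholder IP, updated by script)"
/ip address add address=10.255.12.1/30 interface=eoip-site2 comment="tunnel transport (constructed)"
/ip route add dst-address=192.168.60.0/24 gateway=10.255.12.2 comment="Site 2 LAN via EoIP"

# EoIP is GRE inside IP with no encryption: only accept GRE from the known peer,
# tracked in an address-list that the script keeps in sync with the tunnel.
/ip firewall address-list add list=vpn-peers address=192.0.2.2 comment="site2"
/ip firewall filter add chain=input protocol=gre src-address-list=vpn-peers action=accept comment="EoIP from known peers only"
/ip firewall filter add chain=input protocol=gre action=drop comment="drop GRE from anyone else"

# Script: resolve the DynDNS name; if the address moved, update tunnel and peer list.
/system script add name=update-site2 source={
  :local peerName "site2.dyndns.example"
  :local newIp [:resolve $peerName]
  :local curIp [/interface eoip get [find name="eoip-site2"] remote-address]
  :if ($newIp != $curIp) do={
    /interface eoip set [find name="eoip-site2"] remote-address=$newIp
    /ip firewall address-list set [find list="vpn-peers" comment="site2"] address=$newIp
    :log info ("Site 2 peer moved from " . $curIp . " to " . $newIp)
  }
}

# Match the 2-5 minute DynDNS update cadence mentioned in the post.
/system scheduler add name=update-site2 interval=2m on-event=update-site2
```

The same three objects (tunnel, address-list entry, script) are repeated per peer, and Site 2 runs the mirror image pointing at Site 1's name. Two practical notes: EoIP adds 42 bytes per packet on top of the PPPoE path (outer IP 20 + GRE 8 + inner Ethernet 14), IPIP adds 20 and is the lighter choice if you only need routed traffic rather than bridging; and since neither protects the payload, the GRE-from-peers-only rule above is the minimum that keeps arbitrary Internet hosts from injecting frames into the site LANs.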