Hi Bro

Yes, you can place a Cisco ASR in between your office and the newly acquired office, if it’s a temporary solution, since you’re gonna discontinue the DS3 line anyway.

Nonetheless, if this is a permanent solution, a Cisco ASA 5505 would best suite here. After all, the DS3 bandwidth is 45Mbps and the Cisco ASA 5505 hardware throughput is 150Mbps. Furthermore, you can have an IPS module inserted into the Cisco ASA 5505 to enhance security e.g. Layer 7 packet inspection, anomaly detection etc.

It is always best to place the FW from where the source is coming from. In your case, it will be best that the FW is placed in the newly acquired office. With this, only legitimate packets will utilize the DS3 line. If you were to place the FW or ASR in your office instead, garbage packets will flow from the newly acquired office to your office, and only to be inspected in your office. That’s never the way to go.

Part Num.          ASA5505-SEC-BUN-K9

Part Desc.         Cisco ASA 5505 Unlimited-User Security Plus Bundle includes 8-port Fast Ethernet switch,

                        25 IPsec VPN peers, 2 Premium VPN peers, DMZ, stateless Active/Standby high

                        availability, 3DES/AES license

Part Num.          ASA5505-U-AIP5P-K9    

Part Desc.         Cisco ASA 5505 unlimited user with AIP SSC-5 and Security Plus License bundle

P/S: If you think this comment is helpful, please do rate them nicely :-)