
Router or Cisco PIX to connect our remote offices?

Nik_Meeus
Level 1

We are planning to redesign our current network connections from our main office to our 6 remote offices with Cisco equipment. Remote office = 1 network printer - 4 users with low traffic bandwidth (connection to erp-system, email and Internet traffic). Current setup: each remote office has a connection to a private WAN (Infonet via ISDN) to access erp-system and 1 connection to the Internet which a local provider installed (these are ADSL connections) for email and Internet. Some Internet connections have a static IP address, others dynamic. We are planning to update each office with a static IP address. We are going to remove the ISDN connection to the private WAN and want to use a VPN solution through the Internet line to connect to our main office. All traffic (erp, email, Internet) should go first to our main site and then be transferred to the Internet if necessary. We don't want a complex firewall; the product should be easy to manage remotely. If possible we also want to give priority to erp traffic. Which product should we use in the main office and the remote office? Is it better to place a simple router after the ADSL-modem (router) with VPN and use access lists, or do you suggest to place a Cisco PIX or ... ? What should we place at the main site? Connection to the main site is an SDSL connection.

3 Replies

Richard Burts
Hall of Fame

There are a few things to consider in making your decision between doing it with PIX or with a router. Perhaps the first consideration is whether a remote office will need connectivity to another remote office. This is easy to do with a router. In traditional PIX it is not supported to have connectivity remote to remote. I understand that software version 7.0 may have fixed this but have no experience to be able to say so. So if you do need remote to remote connectivity I would highly suggest a router solution rather than a PIX solution.

Also a router gives you the ability to prioritize your erp traffic. I am not aware that PIX could do that.

I have done VPN connections in several situations. In general I like to do site to site VPN with routers. I have done VPN connections for a customer which sounds very much like what you describe. We are using 1721 and 1841 routers at the remote sites and a larger router at the central site. We are using a 7206 at the central site because we have a large number of remote sites but for 6 remote offices you could probably do fine with an 1800 or 2800 model router. All traffic from the remote office is sent over the VPN to the central site. Any Internet traffic is sent over the VPN to the central site and then uses the corporate interface (and firewall) to get to the Internet. This solution does not require any special firewall other than the normal corporate firewall.

HTH

Rick


Nik_Meeus
Level 1

Thanks already for the useful info.

The remote offices don't need any connectivity to other remote offices, only to the main site.

If we put a router after the ADSL box (different types) what's the best way to configure ADSL boxes or advise the local providers how to configure them? At this moment we don't have control over them.

At this moment there isn't a standard for how the ADSL-box at the remote site is configured on the LAN side.

E.g. an office has the ADSL box (router) configured in bridged mode = ADSL modem with static IP, so the LAN gets the public static IP (I believe this is a good option). Another has an ADSL box configured as router/nat [WAN static public IP, the LAN is configured with static private IP]. Another has an ADSL box configured as router/firewall/nat/dhcp [WAN dynamic public IP, the LAN is configured via dhcp].

How do you remotely manage these routers? I would assume, if you do a telnet (if everything is set up ok, forward all traffic from ADSL box to router) and you only have one static public IP address, you would enter on the ADSL-box (because the telnet port is used by the local provider to manage their router)?

Or can you do the complete management also via a web browser via other ports? Or should we ask for 2 static IP addresses?

Do you have country policies where VPN isn't allowed?

Most of my experience is with VPN where the remote has a fixed IP address. I have done a little bit where the remote IP address was dynamic. I believe that you can accommodate both, though from a management perspective you may prefer to standardize on a single approach.

We have set up the remote routers so that all traffic is sent through the central site. We do most of our management over the VPN (including SNMP, syslog, etc). If we need to access the remote device we prefer that our management traffic be carried over the VPN. We do have provision for circumstances where we need remote access that can not be carried over the VPN (troubleshooting when the VPN is down). For this we use SSH to the public interface. We have access controls on the public interface that are very strict about what may come in the public interface that is not VPN traffic.

I am based in the US and my customers are in the US so I do not have experience of country policies that would restrict VPN.

HTH

Rick
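The policy described in the reply above (nothing in on the public interface except VPN traffic and SSH for when the VPN is down), as an added example that is not from the thread: a small auditor for an IOS-style extended ACL. The ACL text, the name PUBLIC-IN and the peer address 203.0.113.10 are constructed, and treating VPN traffic as ESP plus IKE on UDP 500/4500 is an assumption about the tunnel in use.

```python
# Added example: audit the inbound ACL of a remote router's public interface (constructed data).
SAMPLE_ACL = """\
ip access-list extended PUBLIC-IN
 permit esp host 203.0.113.10 any
 permit udp host 203.0.113.10 any eq isakmp
 permit tcp host 203.0.113.10 any eq 22
 permit tcp any any eq telnet
 permit ip any any
 deny ip any any log
"""

CENTRAL = "203.0.113.10"  # assumed central-site address (documentation range)
# Assumption: only IPsec (ESP, IKE on UDP 500/4500) and SSH may arrive outside the tunnel.
ALLOWED = {("esp", None), ("udp", "isakmp"), ("udp", "non500-isakmp"), ("tcp", "22")}

def take_addr(tokens):  # consume one address spec: 'any', 'host A' or 'A wildcard'
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]

def parse_permit(line):
    """Return (proto, src, dst, dst_port) for a permit entry, else None."""
    tok = line.split()
    if not tok or tok[0] != "permit":
        return None
    try:
        src, rest = take_addr(tok[2:])
        dst, rest = take_addr(rest)
    except IndexError:
        return None  # malformed or truncated entry
    port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
    return tok[1], src, dst, port

def audit(acl_text, central=CENTRAL):  # list (line_no, reason) for over-broad permits
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        entry = parse_permit(line)
        if entry is None:
            continue
        proto, src, _dst, port = entry
        if (proto, port) not in ALLOWED:
            findings.append((n, "permits traffic that is neither VPN nor SSH"))
        elif src != central:
            findings.append((n, "source is not limited to the central site"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {n}: {why}" for n, why in audit(SAMPLE_ACL)))
```

Source-port matches and object groups are not parsed; entries using them would need a fuller grammar.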
