You need an affordable solution to connect multiple locations with dynamic IPs to a central VPN server.
FlexVPN/DMVPN would solve this, but central IOS routers are expensive and offer only limited HA. You would also need an HSEC license to go beyond 85 Mbit/s and 225 tunnels, and managing the firewall via CLI is a mess.
If you have dynamic IPs (e.g. with 4G) and don't want to use certificates, you have to use PSKs. The downside is that all dynamic peers land in DefaultL2LGroup, so every PSK has to be the same. To avoid this, we create IKEv2 tunnel groups and set the ISAKMP ID on the clients to the name of the tunnel group.
The ASA (especially the 5515-X) is quite affordable and handles multiple tunnels with high throughput. It also offers really good HA with Active/Standby failover, including stateful IPsec failover. On the downside, it doesn't support FlexVPN, so the configuration on the routers is quite large.
On the client side we use 880 series branch routers, which support all the features needed.
On the ASA we configure the following (crypto parts only):
Specify the subnets:
access-list outside_cryptomap extended permit ip object OUR-NET object CLIENT-NET
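The shared-PSK setup and the per-branch tunnel group approach described above, side by side, as an added example (not the original author's configuration). BRANCH-01, KR-ASA, PROF-ASA, the ASA address 192.0.2.1 and the key placeholders are assumptions, as is the use of the key-id identity type on the router.

```cisco
! ---- ASA, weak variant: all dynamic peers fall into DefaultL2LGroup,
! ---- so one leaked branch key exposes every branch.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev2 remote-authentication pre-shared-key <SHARED-PSK>
 ikev2 local-authentication pre-shared-key <SHARED-PSK>

! ---- ASA, corrected variant: one named tunnel group per branch,
! ---- each with its own key (BRANCH-01 is a placeholder name).
tunnel-group BRANCH-01 type ipsec-l2l
tunnel-group BRANCH-01 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-BRANCH-01>
 ikev2 local-authentication pre-shared-key <PSK-BRANCH-01>

! ---- Branch router (IOS): send the tunnel group name as the IKEv2
! ---- identity so the ASA selects BRANCH-01 instead of the default group.
! ---- 192.0.2.1 stands in for the ASA outside address (placeholder).
crypto ikev2 keyring KR-ASA
 peer ASA
  address 192.0.2.1
  pre-shared-key <PSK-BRANCH-01>
!
crypto ikev2 profile PROF-ASA
 match identity remote address 192.0.2.1 255.255.255.255
 identity local key-id BRANCH-01
 authentication remote pre-share
 authentication local pre-share
 keyring local KR-ASA
```

With this layout a compromised branch is handled by removing or re-keying its own tunnel group, without touching the other sites.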