11-19-2016 02:13 PM - edited 03-08-2019 08:13 AM
Hi,
We are setting up a small Branch office (8 people for now, may go to 20 at the most) and am working on the network design with the most economical options, especially if I need a router.
The ISP is a cable modem (Comcast) and they are providing 13 Static IP addresses via their Cable Modem Router (so the question is do I need another router here). I have an ASA 5510, which I want to use to connect to the main office via L2L (IPsec VPN), and then put an Active Directory DC/DHCP (internal 192.168.2.0/24). This network will provide internet access to our employees and will provide automatic/seamless connection to main office Server resources via the above VPN.
I also need a second network which will have 2 or 3 servers (IIS) which will connect to internet. (Let's say internal 192.168.3.0/24 with 1 to 1 NAT for those 2 or 3 Web servers). This network will provide Web access to our Customers for some custom applications we host for them.
Question 1. Considering the above, will I be ok if I just buy a new ASA for the 2nd network (5508 should be good - I think)?
Question 2. If I have to enable some people (in 192.168.2.0 network) to have access to .3.0 network, what are my options?
Appreciate any comments/suggestions.
Thanks,
Ashok
11-19-2016 08:23 PM
Hi,
You can use the ASA 5510 to build an IPsec tunnel to the main office if you have another firewall or a router in the main office. This way the communication to the main office is secure and the users in the remote office can access Internet and also the resources in the main office.
HTH
11-20-2016 03:49 PM
Hi Reza,
Thanks for your post. Yes - we do have another 5510 in the main office so building an IPsec L2L VPN should be fine.
Can you please comment on my 2 questions, if you get a chance?
Thanks,
Ashok