08-13-2007 12:50 AM - edited 03-05-2019 05:51 PM
Hi, we have 2 remote offices that are in a shared building. The building has an internet connection and we are given a port that we can plug a switch into, and from this we can plug in our PCs, which get an IP address that allows them to connect to the network.
Now our main office has an ASA firewall and we would like the users at these remote locations to be able to connect to our corporate network via the ASA.
We know we can do this using VPN and having each user double-click on a VPN client on their desktop. But we would like to have an "always on" solution so that the router or switch does the VPN connect.
Would you say it would be better for us to get a router to do this, or can a switch also do a VPN connect to an ASA firewall?
Thanks
08-13-2007 02:56 AM
Hi
There are several reasons for using a firewall, ASA, in this configuration.
Right now you plug yourself into an unknown source of Internet access and try to defend yourself with the software "firewalls" that make up the VPN client or such (XP "firewall").
This is a security nightmare and will not work in the long run.
If I were consulted to help you sort this out I would start with 2 ASA5505, which have 8 ports each. One ASA-5505 for each remote office.
The ASA will act both as a firewall and shelter your machines from the unwanted traffic from Internet.
Now if we are lucky that's enough for the regional offices, since the ASA-5505 is both a firewall and a switch. The ASA-5505 is an 8-port device, and in this scenario you would use 1 external and 7 internal interfaces. Hopefully you do not have more than 7 IP devices (computers) on those unsecure networks right now.
If you do have more computers on the network then I would recommend a 2960 switch to go with that ASA.
Most bang for the buck.
Good luck
08-13-2007 12:54 AM
Hi
I would recommend either a router or another ASA device. If you get a router, make sure that it has the right IOS on it, usually something along the lines of advanced security features, so that you can create VPNs.
Switches, generally speaking, do not support IPsec VPNs.
HTH
Jon
08-13-2007 01:14 AM
Generally switches cannot do VPN connections (except 6500/4500 with special modules).
ASA is your best choice here - good performance and no interoperability issues with your main ASA.