Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
0
Helpful
1
Replies

Can anyone help me figure out a VPN solution?

Alexander.Daro
Level 1
Level 1

‎05-04-2017 07:44 PM

I've been tasked to find a VPN solution using Cisco products. However, the website doesn't seem to offer pertinent information for my task. I've looked mainly at Cisco's ASA 5500 Series appliances but I'm still unsure if they fit the bill. The requirements for the solution are listed below:

  1. Tunnel between two locations
    1. Must support 100 concurrent users
    2. Location A has a 400Mbps connection and 150 employees
      1. Location A requires a turn around time of 4 hours
    3. Location B has a 100Mbps connection and 50 employees
      1. Location B requires a turn around time of 48 hours
  2. Transport mode VPN connection to Location A for remote users
    1. Must prevent information leakage and malware infection from home computers
    2. Expected 35 minimum telecommuters
      1. Adverse weather could cause more employees to telecommute
    3. Employees must be able to collaborate in real-time using modern desktop sharing, white boarding, on-line meeting, and video/voice conferencing tools

Where I become confused is the question of what do the ASA 5500 Series appliances support? Could I use one appliance at each location to meet both the site-to-site tunnel requirement and the client-to-site requirement at location A? If not, what devices would meet these requirements? In addition, budgeting is a concern but there is no set budget. The expectation is to meet these requirements at the lowest cost possible. If the VPN solution ends up being too large of an expense we will explore other routes.

EDIT: If I purchase the 5500 Series ASA device, do I then also have to pay for the AMP, IPS, and Apps license as well? Or is that included with the device purchase? Do I also need to pay for licenses for each user that needs to remotely connect? Where can I find pricing information for support (As in if my device goes down how much do I need to pay Cisco to fix or replace it within 4 hours?).

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-04-2017 08:46 PM

Have you tried contacting your local Cisco partner? Partners have presales engineers that can work with you to come up with a solution that meets your technical and budget requirements. We discourage the use of CSC for business development so I won't mention any companies (even my own) but you can find local authorized Cisco partners using the following page:

https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/performBasicSearch.do

In general, yes you can use ASA 5500 series to meet all of the above requirements. Exact models should be detrermined after a closer look at your anticipated feature use and possible room for growth but it would be something like a 5545-X at Site A and 5525-X at Site B based on what you've said in your original posting.

If there are existing routers at both sites (i.e. not greenfield) then you could certainly just use them with an IPsec VPN. Then just put a small ASA in at one site for remote access VPN.

Regarding licensing, you do need license for the remote access users. AnyConnect Plus would do the job. The FirePOWER licenses are required to use any of the FirePOWER features (IPS, URL filtering and Advanced Malware Protection).

Pricing for the different support service levels can be obtained via your local reseller. 

0 Helpful
Customers Also Viewed These Support Documents