I've been tasked to find a VPN solution using Cisco products. However, the website doesn't seem to offer pertinent information for my task. I've looked mainly at Cisco's ASA 5500 Series appliances but I'm still unsure if they fit the bill. The requirements for the solution are listed below:
Tunnel between two locations
Must support 100 concurrent users
Location A has a 400Mbps connection and 150 employees
Location A requires a turn around time of 4 hours
Location B has a 100Mbps connection and 50 employees
Location B requires a turn around time of 48 hours
Transport mode VPN connection to Location A for remote users
Must prevent information leakage and malware infection from home computers
Expected 35 minimum telecommuters
Adverse weather could cause more employees to telecommute
Employees must be able to collaborate in real-time using modern desktop sharing, white boarding, on-line meeting, and video/voice conferencing tools
Where I become confused is the question of what do the ASA 5500 Series appliances support? Could I use one appliance at each location to meet both the site-to-site tunnel requirement and the client-to-site requirement at location A? If not, what devices would meet these requirements? In addition, budgeting is a concern but there is no set budget. The expectation is to meet these requirements at the lowest cost possible. If the VPN solution ends up being too large of an expense we will explore other routes.
EDIT: If I purchase the 5500 Series ASA device, do I then also have to pay for the AMP, IPS, and Apps license as well? Or is that included with the device purchase? Do I also need to pay for licenses for each user that needs to remotely connect? Where can I find pricing information for support (as in, if my device goes down, how much do I need to pay Cisco to fix or replace it within 4 hours)?
Have you tried contacting your local Cisco partner? Partners have presales engineers that can work with you to come up with a solution that meets your technical and budget requirements. We discourage the use of CSC for business development so I won't mention any companies (even my own) but you can find local authorized Cisco partners using the following page:
In general, yes, you can use ASA 5500 series to meet all of the above requirements. Exact models should be determined after a closer look at your anticipated feature use and possible room for growth but it would be something like a 5545-X at Site A and 5525-X at Site B based on what you've said in your original posting.
If there are existing routers at both sites (i.e. not greenfield) then you could certainly just use them with an IPsec VPN. Then just put a small ASA in at one site for remote access VPN.
Regarding licensing, you do need a license for the remote access users. AnyConnect Plus would do the job. The FirePOWER licenses are required to use any of the FirePOWER features (IPS, URL filtering and Advanced Malware Protection).
Pricing for the different support service levels can be obtained via your local reseller.