I've been tasked to find a VPN solution using Cisco products. However, the website doesn't seem to offer pertinent information for my task. I've looked mainly at Cisco's ASA 5500 Series appliances but I'm still unsure if they fit the bill. The requirements for the solution are listed below:
Tunnel between two locations
Must support 100 concurrent users
Location A has a 400Mbps connection and 150 employees
Location A requires a turn around time of 4 hours
Location B has a 100Mbps connection and 50 employees
Location B requires a turn around time of 48 hours
Transport mode VPN connection to Location A for remote users
Must prevent information leakage and malware infection from home computers
Expected 35 minimum telecommuters
Adverse weather could cause more employees to telecommute
Employees must be able to collaborate in real-time using modern desktop sharing, white boarding, on-line meeting, and video/voice conferencing tools
Where I become confused is the question of what do the ASA 5500 Series appliances support? Could I use one appliance at each location to meet both the site-to-site tunnel requirement and the client-to-site requirement at location A? If not, what devices would meet these requirements? In addition, budgeting is a concern but there is no set budget. The expectation is to meet these requirements at the lowest cost possible. If the VPN solution ends up being too large of an expense we will explore other routes.
EDIT: If I purchase the 5500 Series ASA device, do I then also have to pay for the AMP, IPS, and Apps license as well? Or is that included with the device purchase? Do I also need to pay for licenses for each user that needs to remotely connect? Where can I find pricing information for support (As in if my device goes down how much do I need to pay Cisco to fix or replace it within 4 hours?).
Have you tried contacting your local Cisco partner? Partners have presales engineers that can work with you to come up with a solution that meets your technical and budget requirements. We discourage the use of CSC for business development so I won't mention any companies (even my own) but you can find local authorized Cisco partners using the following page:
In general, yes, you can use ASA 5500 series to meet all of the above requirements. Exact models should be determined after a closer look at your anticipated feature use and possible room for growth, but it would be something like a 5545-X at Site A and 5525-X at Site B based on what you've said in your original posting.
If there are existing routers at both sites (i.e. not greenfield) then you could certainly just use them with an IPsec VPN. Then just put a small ASA in at one site for remote access VPN.
Regarding licensing, you do need a license for the remote access users. AnyConnect Plus would do the job. The FirePOWER licenses are required to use any of the FirePOWER features (IPS, URL filtering and Advanced Malware Protection).
Pricing for the different support service levels can be obtained via your local reseller.