I've been tasked to find a VPN solution using Cisco products. However, the website doesn't seem to offer pertinent information for my task. I've looked mainly at Cisco's ASA 5500 Series appliances but I'm still unsure if they fit the bill. The requirements for the solution are listed below:
Tunnel between two locations
Must support 100 concurrent users
Location A has a 400Mbps connection and 150 employees
Location A requires a turnaround time of 4 hours
Location B has a 100Mbps connection and 50 employees
Location B requires a turnaround time of 48 hours
Transport mode VPN connection to Location A for remote users
Must prevent information leakage and malware infection from home computers
Expected 35 minimum telecommuters
Adverse weather could cause more employees to telecommute
Employees must be able to collaborate in real-time using modern desktop sharing, whiteboarding, on-line meeting, and video/voice conferencing tools
Where I become confused is the question of what do the ASA 5500 Series appliances support? Could I use one appliance at each location to meet both the site-to-site tunnel requirement and the client-to-site requirement at location A? If not, what devices would meet these requirements? In addition, budgeting is a concern but there is no set budget. The expectation is to meet these requirements at the lowest cost possible. If the VPN solution ends up being too large of an expense we will explore other routes.
EDIT: If I purchase the 5500 Series ASA device, do I then also have to pay for the AMP, IPS, and Apps license as well? Or is that included with the device purchase? Do I also need to pay for licenses for each user that needs to remotely connect? Where can I find pricing information for support (as in, if my device goes down, how much do I need to pay Cisco to fix or replace it within 4 hours)?
Have you tried contacting your local Cisco partner? Partners have presales engineers that can work with you to come up with a solution that meets your technical and budget requirements. We discourage the use of CSC for business development so I won't mention any companies (even my own) but you can find local authorized Cisco partners using the following page:
In general, yes, you can use the ASA 5500 series to meet all of the above requirements. Exact models should be determined after a closer look at your anticipated feature use and possible room for growth, but it would be something like a 5545-X at Site A and a 5525-X at Site B based on what you've said in your original posting.
If there are existing routers at both sites (i.e. not greenfield) then you could certainly just use them with an IPsec VPN. Then just put a small ASA in at one site for remote access VPN.
Regarding licensing, you do need a license for the remote access users. AnyConnect Plus would do the job. The FirePOWER licenses are required to use any of the FirePOWER features (IPS, URL filtering and Advanced Malware Protection).
Pricing for the different support service levels can be obtained via your local reseller.