We currently have our database exposed so external employees can use our application that connects to it. I want to put a security appliance in place that will allow the clients to get a VPN to our office and use the program through that tunnel. What I am wondering about is whether or not the clientless SSL part of the Cisco ASA 5510 will do it. I want it to have little to no interference with their current method of operation. I know that IPSec requires a program to be installed and then run each time they want to connect to the office. I tried searching around for information on how the SSL connectivity works, but can't find anything that truly explains it.

I was looking at the ASA 5510 because this office currently has no firewall in place, just a Cisco router that opens ports on specific servers. Also, because we have about 15 external employees that will need to connect. I wanted the 5510 just incase the number of external employees grows past 25.

I guess my concern is this: What would the employees need to do to connect to our office and create a VPN tunnel for the application to work? From the little information I got about the SSL version, it only exposes some network shares, not necessarily a database, is this correct? I understand the 5510 comes with 250 IPSec peers, so there would be no additional cost, while it only comes with 2 SSL peers and would need licenses for any additional ones.

Thanks.