01-20-2016 08:27 AM
Hi,
Can someone recommend a few inexpensive VPN devices, which will be setup to connect a few (20-30) site to site VPNs (each site not more than 5-10 computers. The sites will have different VPN devices (like regular Linksys or any other - just capable of IPsec site to VPN). What I need is one for my main site and hope get some suggestions.
Thanks,
Ashok
Solved! Go to Solution.
01-20-2016 08:42 AM
Hi Ashok
Well i would say Cisco ASA firewalls 5500-x and Cisco ISR's/ASR's, both support Site-to-Site VPN to multiple sites.
You can look into those if they fit in your criteria.
Regards
Jagmeet
01-21-2016 06:33 AM
Ashok
A 2901 will certainly do site to site IPsec tunnels assuming that it has the correct license/feature set. It would need the security license. If the customer is looking for the lowest cost solution it would certainly be cheaper to purchase the security license (if they do not already have it) than to purchase a new device.
If you are going to add 20 to 30 site to site IPsec tunnels for the router you might evaluate how much load is already on the router and what impact 30 tunnels might have on it.
HTH
Rick
01-20-2016 08:42 AM
Hi Ashok
Well i would say Cisco ASA firewalls 5500-x and Cisco ISR's/ASR's, both support Site-to-Site VPN to multiple sites.
You can look into those if they fit in your criteria.
Regards
Jagmeet
01-20-2016 09:31 AM
Ashok
Jagmeet has identified your best alternatives, either an ASA or a router. Either of those might work well for you. My personal preference is that for site to site VPN the router solution gives you a bit more flexibility in how to set up the site to site VPN.
HTH
Rick
01-21-2016 02:29 PM
Hi Jagmeet,
Will I have to worry about licensing if use 5505 or 5506 for Site to site always on IPsec VPN?
Richard, I will check on licensing on 2901. I also have an 1801 router and will check that too.
Thanks,
Ashok
01-21-2016 02:40 PM
ASA 5505 can only handle a maximum of 25 VPN sessions. 5506 can handle up to 50, but you need the SecurityPlus license.
01-22-2016 10:58 AM
Thanks .
Ashok
01-20-2016 11:33 AM
I agree with Rick that a router is much more flexible. On the ASA you have the traditional/unflexible crypto-maps and ... well that's all.
On the router you can integrate your routing into the VPN much easier through the use of different kind of tunnel-interfaces. In my designs, I always place routers for site to site when there are more than a handful of sites.
With low-end-routers already in place at the branches this flexibility doesn't help you much. But when these devices have to be replaced sooner or later, you'll have a much more powerfull VPN.
01-20-2016 04:54 PM
Hi,
I started looking right after Jagmeet's post and found that ASA's will definitely do the job. Thanks Jagmeet for your thoughts. On this the question I have is, which model i.e. 505 or 506 ...or [the customer doesn't care if that is nor supported any more - they told me that they can buy 2 if needed and if one goes down (no issues with the down time) - the other one can be brought on line to replace that]. They want the least expensive. Sorry - I have to work with this constraint.
On the router option (thanks Richard and Karsten), I am intrigued (especially some the points you listed as a plus points over ASA). They already have a 2901 (with 2 built in Gb ports 0/0 & 0/1 and additional 4 port card), so is this an option for my needs?
Will look forward to your thoughts.
Thanks,
Ashok
01-21-2016 06:33 AM
Ashok
A 2901 will certainly do site to site IPsec tunnels assuming that it has the correct license/feature set. It would need the security license. If the customer is looking for the lowest cost solution it would certainly be cheaper to purchase the security license (if they do not already have it) than to purchase a new device.
If you are going to add 20 to 30 site to site IPsec tunnels for the router you might evaluate how much load is already on the router and what impact 30 tunnels might have on it.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide