General Cisco ASA 5505 / network configuration questions.
Posted on 2007-07-20
I have a few conceptual questions about the Cisco ASA 5505. I'm not asking any specific configuration questions yet; those will be in another question with more points.
My agency recently acquired three (3) of the ASA 5505 Security Plus bundles. We are looking to use one as a firewall behind our SDSL modem. In the future we would like to use the other two devices at remote locations to connect securely back to our main location. Each remote location has between one and five concurrent users.
Question 1) Do we need to deploy the security plus bundles at every location? Or can we get away with something like the 10-user bundle at the remote locations (for half the price) and the security plus bundle at our main office?
Question 2a) Are there significant advantages to using the DMZ functionality included in the security plus bundle? Currently, the only services we expose are our Exchange server (including RPC and OWA) and our spam firewall, for which the traffic is currently being routed through our modem using simple port-forwarding.
Question 2b) Our ISP has given us a small handful of IP addresses. Should we move our spam filter and Exchange server to the public address space and use the NAT functionality instead of the PAT functionality of the ASA 5505?
Question 3) We have a handful of laptops that users take home to do work in a very disconnected fashion. They log into an account local to the laptop and save their work to a flash drive. Is it possible, with just the ASA 5505, to set up the laptops so that they connect securely back into our network and provide access to our internal resources? If not, what additional software/hardware do we need?