anarine
asked on
The Best Cisco device for a VPN
Hi guys,
I plan to setup vpns using cisco devices between 7 remote sites and our head office.
What should each site have - a Cisco router, PIX or ASA ?
Can anyone one provide me with a web link and model number of a Cisco device that will support
PPTP and IPSEC VPNs.
The VPNs will be Site to Site vpns. Each site will have about 5 remote access users who will connect to the private network from home.
I plan to setup vpns using cisco devices between 7 remote sites and our head office.
What should each site have - a Cisco router, PIX or ASA ?
Can anyone one provide me with a web link and model number of a Cisco device that will support
PPTP and IPSEC VPNs.
The VPNs will be Site to Site vpns. Each site will have about 5 remote access users who will connect to the private network from home.
Here's some information
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542.html
ASKER
I intend to implement VOIP among the branches. Will both the ASA 5505 and the 800 series support voice ?
What is the big difference between the two ?
What is the big difference between the two ?
The ASA is a firewall, has 8 10/100 switch ports and 2 of those are PoE specifically for IP phones. It was originally designed as a VPN firewall and is the best at it. VoIP works well over the VPN but if the vpn goes down, so does the phone. It does not support anything except Ethernet WAN.
The 800 series is a router with firewall and vpn features. A router can support multiple different WAN modules like DSL, cable, or cellular wireless. Some have full voice functions where the router can still provide basic voice services in the event the vpn drops. They can also be a wireless access point for end users.
The 800 series is a router with firewall and vpn features. A router can support multiple different WAN modules like DSL, cable, or cellular wireless. Some have full voice functions where the router can still provide basic voice services in the event the vpn drops. They can also be a wireless access point for end users.
ASKER
Does the ASA support routing like the CISCO router that has a wan interface and lan interface ?
Yes, that is the basic premise of the device. It does not have many advanced routing features of a router such as route-maps for source routing, but it absolutely has to have the basic routing functions from one interface to another.
ASKER
All I want to do is implement a pptp vpn between sites using a Site to Site vpn and about 7 users remote access into the site's vpn. The sites are on different networks so I will need interfaces on the device for basic routing. Maybe the ASA may be too much for what I want to do. Do you think I should purchase the 800 series routers instead?
Personally, I would go with the basic ASA5505. Mainly because it has a 8-port switch onboard which would be perfect for your application. If you go with the 800 router, you would only get 4 ports and may need to add another switch to get the port density you need. Plus, the management GUI for the ASA is way better than the router. You can manage them all from one location
ASKER
I had a cisco 1700 router that had 2 network interfaces, one for wan and one for connecting to the Lan.
Looking at this video about the ASA 5505 :
http://www.youtube.com/watch?v=wr-wPXOOinA
, I realise that at the back of the device there are no ports designated for wan or lan. Suppose I wanted to route between 4 networks, would the ASA 5505 allow me to configure 4 ip address on 4 different interfaces on the device ?
Looking at this video about the ASA 5505 :
http://www.youtube.com/watch?v=wr-wPXOOinA
, I realise that at the back of the device there are no ports designated for wan or lan. Suppose I wanted to route between 4 networks, would the ASA 5505 allow me to configure 4 ip address on 4 different interfaces on the device ?
No. It has capability of only 2 interfaces. VLAN1 (inside) on ports 1-7 and VLAN2 (outside) on port 0.
You would have to have the security+ model to get 1 more interface (dmz, vlan3) and be able to route between them.
You would have to have the security+ model to get 1 more interface (dmz, vlan3) and be able to route between them.
ASKER
http://www.cablesandkits.com/cisco-asa5505-user-bundle-asa5505bunk9-p-1349.html
I have seen many sites showing 10 user lisences. Am I correct by saying the firewall would only allow 10 users to connecct to the internet ?
I have seen many sites showing 10 user lisences. Am I correct by saying the firewall would only allow 10 users to connecct to the internet ?
That is correct if you buy the 10-user bundle.
ASKER
Thank you lrmoore,
Tomorrow I will do a search on the cisco site that has the model ASA that I think will work for me. Will post back tomorrow so you can verify that the model will do what I want.
You'll get the points
Tomorrow I will do a search on the cisco site that has the model ASA that I think will work for me. Will post back tomorrow so you can verify that the model will do what I want.
You'll get the points
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I'm about to select a device.
I am going ahead with the ASA5505-UL-BUN-K9
Can I always purchase the secuity plus later on as a software addon ?
I am going ahead with the ASA5505-UL-BUN-K9
Can I always purchase the secuity plus later on as a software addon ?
Yes, you can always upgrade. All it takes is a new license key, takes 10 seconds to put in and then a reboot.
ASKER
Thanks for the help.
With ASA5500 series at HQ, you can set it up as EZVPN server and remotes as EZVPN client quite easily.
Alternative would be ASA5505 with 8-port switch as EZVPN client