Solved

The Best Cisco device for a VPN

Posted on 2008-10-18
17
477 Views
Last Modified: 2012-05-05
Hi guys,
  I plan to setup vpns using cisco devices between 7 remote sites and our head office.
What should each site have - a Cisco router,  PIX or ASA ?
Can anyone one provide me with a web link and model number of a  Cisco device that will support
PPTP and IPSEC VPNs.
The VPNs will be Site to Site vpns. Each site will have about 5 remote access users who will connect to the private network from home.
0
Comment
Question by:anarine
  • 9
  • 8
17 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 22750050
It really depends on what you want to provide. You might look at the 861W router if you want to provide VPN, and wireless access and 4-port switch
With ASA5500 series at HQ, you can set it up as EZVPN server and remotes as EZVPN client quite easily.
Alternative would be ASA5505 with 8-port switch as EZVPN client



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22750051
0
 

Author Comment

by:anarine
ID: 22750272
I intend to implement VOIP among the branches. Will both the ASA 5505 and the 800 series support voice ?

What is the big difference between the two ?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 79

Expert Comment

by:lrmoore
ID: 22750699
The ASA is a firewall, has 8 10/100 switch ports and 2 of those are PoE specifically for IP phones. It was originally designed as a VPN firewall and is the best at it. VoIP works well over the VPN but if the vpn goes down, so does the phone. It does not support anything except Ethernet WAN.
The 800 series is a router with firewall and vpn features. A router can support multiple different WAN modules like DSL, cable, or cellular wireless. Some have full voice functions where the router can still provide basic voice services in the event the vpn drops. They can also be a wireless access point for end users.
0
 

Author Comment

by:anarine
ID: 22752320
Does the ASA support routing like the CISCO router that has a wan interface and lan interface ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22752474
Yes, that is the basic premise of the device. It does not have many advanced routing features of a router such as route-maps for source routing, but it absolutely has to have the basic routing functions from one interface to another.
0
 

Author Comment

by:anarine
ID: 22752567
All I want to do is implement a pptp vpn between sites using a Site to Site vpn and about 7 users remote access into the site's vpn. The sites are on different networks so I will need interfaces on the device for basic routing. Maybe the ASA may be too much for what I want to do. Do you think I should purchase the 800 series routers instead?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22753027
Personally, I would go with the basic ASA5505. Mainly because it has a 8-port switch onboard which would be perfect for your application. If you go with the 800 router, you would only get 4 ports and may need to add another switch to get the port density you need. Plus, the management GUI for the ASA is way better than the router. You can manage them all from one location
0
 

Author Comment

by:anarine
ID: 22753944
I had a cisco 1700 router that had 2 network interfaces, one for wan and one for connecting to the Lan.
Looking at this video about the ASA 5505 :
http://www.youtube.com/watch?v=wr-wPXOOinA
 , I realise that at the back of the device there are no ports designated for wan or lan. Suppose I wanted to route between 4 networks, would the ASA 5505 allow me to configure 4 ip address on 4 different interfaces on the device ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22753975
No. It has capability of only 2 interfaces. VLAN1 (inside) on ports 1-7 and VLAN2 (outside) on port 0.
You would have to have the security+ model to get 1 more interface (dmz, vlan3) and be able to route between them.
0
 

Author Comment

by:anarine
ID: 22754159
http://www.cablesandkits.com/cisco-asa5505-user-bundle-asa5505bunk9-p-1349.html

I have seen many sites showing 10 user lisences. Am I correct by saying the firewall would only allow 10 users to connecct to the internet ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22754198
That is correct if you buy the 10-user bundle.
0
 

Author Comment

by:anarine
ID: 22754232
Thank you lrmoore,
Tomorrow I will do a search on the cisco site that has the model ASA that I think will work for me. Will post back tomorrow so you can verify that the model will do what I want.
You'll get the points

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 22754601
Your options include
ASA5505-BUN-K9         Cisco ASA 5505 10 User Firewall Edition Bundle
ASA5505-50-BUN-K9    Cisco ASA 5505 50 User Firewall Edition Bundle
ASA5505-UL-BUN-K9    Cisco ASA 5505 Unlimited User Firewall Edition Bundle

ASA5505-SEC-BUN-K9  Cisco ASA 5505 Security Plus Firewall Edition Bundle

Security Plus Includes: Unlimited users, 8-port Fast Ethernet switch with 2 Power over Ethernet ports, 25 IPsec VPN peers, 2 SSL VPN peers, DMZ support, Stateless Active/Standby high availability, Dual ISP support, 3DES/AES license






0
 

Author Comment

by:anarine
ID: 22775204
Ok I'm about to select a device.
  I am going ahead with the ASA5505-UL-BUN-K9    
Can I always purchase the secuity plus later on as a software addon ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22775509
Yes, you can always upgrade. All it takes is a new license key, takes 10 seconds to put in and then a reboot.
0
 

Author Comment

by:anarine
ID: 22778574
Thanks for the help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question