Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN - IPSEC Site to Site using Router? or ASA5515

Posted on 2014-01-07
5
Medium Priority
?
790 Views
Last Modified: 2014-01-07
why would a person or company set up a site to site vpn emanating from an Cisco ASA 5515 rather than from a Cisco 2951 router.

I"m asking about Cisco because that's what I have.  But you can use more generic examples if that's what your comfortable with.  

I'm just trying to understand the rationale behind using the firewall rathe than the router.
0
Comment
Question by:brothertruffle880
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 98

Accepted Solution

by:
John Hurst earned 668 total points
ID: 39762010
The box you use for VPN needs to have VPN firmware and capability built into it. If the Firewall box has this capability, there is no reason not to use it.

Generally I see VPN built into routers. So I have a Cisco RV042G VPN router in my home office and it has site to site tunnels with clients who have Juniper Netscreen boxes. These are essentially routers as well.

So to directly answer your question, if the Firewall in question has VPN capability, then no reason not use it.

... Thinkpads_User
0
 
LVL 11

Assisted Solution

by:Miftaul
Miftaul earned 664 total points
ID: 39762035
A routers primary job is Routing, companies add more feature to it, but that's its primary function.

A firewall appliance like ASA's primary job is to protect trusted traffic from untrusted. Allowing only required traffic to pass. It has hardware resource to smartly process the encryption/hashing computations. It does content filtering, IPS/IDS and manymore, which for a router is too much to do.

Cisco ASA 5515 is a hardware firewall appliance, wherein Cisco 2951 is a router. Site-to-site and Remote Access VPN is primarily ASA's job than 2951 router.
0
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 668 total points
ID: 39762171
Miftaul is correct, the ASA is designed as a firewall/VPN device.  Routers are for routing and connecting varying media (Ethernet and Frame relay for example).

If you have both a router and an ASA, it makes sense to terminate the VPNs (site to site and remote access) in the ASA.
0
 

Author Comment

by:brothertruffle880
ID: 39762279
Thanks.  Excellent insight on the topic.  Thanks.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 39762290
Thanks and I was happy to help.

... Thinkpads_User
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question