Migrating from SBS2003 Premium to Windows 2012 R2

Hi all

I have the following scenario:

Main Office: SBS2003 Premium DC (ISA 2004 + Exchange 2003 on premises) + 2 Windows 2003 TS, with
5 small offices connected by VPN (Cisco router <-> Cisco router)

I have to migrate to Windows 2012 R2 DC + Exchange 2013 on premises + 2 Windows 2008 R2 TS (with legacy applications not compatible with Windows 2012 R2 at the moment), with a Cisco ASA 5012X acting as firewall.

Which is the best VPN solution in the new scenario?

Cisco router -> Cisco ASA? Or Cisco VPN client on every client in the small offices to the Cisco ASA?

Thanks to everybody who can give me a suggestion.

David Johnson, CD, MVP (Retired) Commented:
Do it at the connection level, i.e. Cisco AnyConnect.

Larry Struckmeyer MVP Commented:
As suggested, firewall-to-firewall VPNs are more stable and cause fewer management headaches than individual PC software connections.

You did not ask, but look into Hyper-V for your new deployment. It could save you significant hardware expense, especially since you infer that the 2008 servers are temporary. You can use downgrade rights on Server 2012 R2 and install both on one machine, or even all four.

Piertonio (Author) Commented:
Thank you guys... I forgot to say everything will be virtualized on a VMware ESXi host...

Pete Long, Technical Consultant Commented:
From your remote sites to the main site, a standard site-to-site IPsec VPN is your best bet.

Cisco ASA5500 Site to Site VPN from ASDM

Or if (like me) you prefer to work at the command line:
Cisco ASA 5500 Site to Site VPN (From CLI)

Here's how to configure the other end of the VPNs on the routers (I'm assuming that they are Cisco):
Cisco Router - Configure Site to Site IPSEC VPN

Then for your remote workers to connect by VPN (as suggested above), use AnyConnect:
Cisco ASA 5500 AnyConnect Setup From Command Line

Bear in mind you will only be licensed for two AnyConnect sessions; if you want more you will need to get an upgrade licence:
AnyConnect 4 - Plus and Apex Licensing Explained


Piertonio (Author) Commented:
Thank you so much for your suggestions.
I set up this configuration:

On the client side, the user launches Cisco AnyConnect to the ASA, and after the tunnel is up the user launches the Microsoft VPN client to be authenticated in the domain. The user can browse the network and open OWA as well, but after the Exchange profile is configured on the Outlook client, Outlook cannot start because it cannot open the Exchange folders. Which ports should I open? I was sure the VPN tunnel would be enough to connect without any protocol issues. But maybe the ASA blocks some protocols or ports... could you give me any suggestions?

Larry Struckmeyer MVP Commented:
Sure... use Outlook Anywhere. No need for the VPN, and OL works the same as if the client was in the same office as the Exchange Server. After all, that is how hosted Exchange works. But in this case you are your own host for the remote users.

And... you don't need to be behind the ASA to get this to work. You could take a laptop anywhere there is internet, or a desktop at a home user or a remote office.

The hardware-to-hardware VPN is good for file access but is not needed for OL to Exchange.