Andrew Lietzow asked:

Questions on Implementing Cisco VPN 5500's series Router with VM's on WinServ2016 Datacenter

BACKGROUND:
I run a small association, with about 400 members. We're implementing new technology all the time, to support our vision for the future of what we want to do for members, and we have just recently invested in an HPE ProLiant ML110 Gen9 server. I'm the de facto "CIO" and tech guru, so I got to install Windows Server 2016, set up (so far) three Virtual Machines, and have just installed Microsoft "CALs" to allow access for RDP clients. We host an accounting application for a few of our members, and we want to increase those "mini-cloud services", including bookkeeping services. Thus the investment in a new server.

Each VM I have assigned a static IP address. Our current Windows 10 Pro server allows users to log in (up to 10) and run the application, from their personal desktop. I wanted to beef up security, partitioning the disk into VMs, so each user doesn't even know there are other users on the server. So, we recently purchased a Linksys Router -- an EA9400 wireless unit -- but the Linksys support folks tell me that the reason our RDP clients can't get access to the VMs is the router tables don't support a VPN connection; and that this is what we'll need to set up for them to get access.

My plan is to have each user assigned to a unique IP port (not 3389, but something like 5000, 5001, 5002, etc.) and for each entry, create a VPN table entry that routes the user to the correct virtual machine. Seemed rather straightforward to me, yet when I set this up in the EA9400, it wouldn't work.

MY QUESTION:

So, today I purchased a Cisco ASA5506-K9= Network Security Firewall Appliance. I'm told this router requires an "AnyConnect Plus/Apex license". My question is, is this true, and if so, will THIS BE the last piece of gear -- software or hardware -- I'll need to purchase to get this going? I'm hoping that for a long, long time, all I would need to add is more RAM and/or more Hard Disk space.

TIA for any help!   If I need to purchase some tech supt time, or pay for some consulting service, please advise.  I'm just hoping there are some IT folks here that have actually set this up and are able to help make sure I'm heading in the right direction.  

Andrew 'L'

CompProbSolv

I realize that you just purchased the ASA5506, but will suggest that you consider a different route altogether. Take a look at PFSense.com and their "free" firewall software. It is quick and easy to install on any reasonable PC (add a good quality dual- or quad-port NIC) and is VERY flexible in terms of features. If you can get by with support by other users, then there's no cost beyond whatever you use for hardware.

This is not at all to be critical of the ASA5506.  It is a very capable device, but you'll likely end up paying Cisco for ongoing licenses to get the features and support that you may well need.

ASKER CERTIFIED SOLUTION
Pete Long

Andrew Lietzow (ASKER)

Thanks to CompProbSolv and Pete Long for quick responses.  I may not have complete mental clarity yet, but your posts were truly helpful.   Two different ways to skin the Digital VPN cat, and both seem excellent.   Some further research is in order.