Questions on Implementing Cisco VPN 5500's series Router with VM's on WinServ2016 Datacenter

Andrew Lietzow
Last Modified: 2018-08-29
BACKGROUND:
I run a small association, with about 400 members. We're implementing new technology all the time, to support our vision for the future of what we want to do for members, and we have just recently invested in an HPE ProLiant ML110 Gen9 server. I'm the de facto "CIO" and tech guru, so I got to install Windows Server 2016, set up (so far) three Virtual Machines, and have just installed Microsoft "CALs" to allow access for RDP clients. We host an accounting application for a few of our members, and we want to increase those "mini-cloud services", including bookkeeping services. Thus the investment in a new server.

Each VM I have assigned a static IP address. Our current Windows 10 Pro server allows users to log in (up to 10) and run the application, from their personal desktop. I wanted to beef up security, partitioning the disk into VMs, so each user doesn't even know there are other users on the server. So, we recently purchased a Linksys Router -- an EA9400 wireless unit -- but the Linksys support folks tell me that the reason our RDP clients can't get access to the VMs is the router tables don't support a VPN connection; and that this is what we'll need to set up for them to get access.

My plan is to have each user assigned to a unique IP port (not 3389, but something like 5000, 5001, 5002, etc.) and for each entry, create a VPN table entry that routes the user to the correct virtual machine. Seemed rather straightforward to me, yet when I set this up in the EA9400, it wouldn't work.

MY QUESTION:

So, today I purchased a Cisco ASA5506-K9= Network Security Firewall Appliance. I'm told this router requires an "AnyConnect Plus/Apex license". My question is, is this true, and if so, will THIS BE the last piece of gear -- software or hardware -- I'll need to purchase to get this going? I'm hoping that for a long, long time, all I would need to add is more RAM and/or more Hard Disk space.

TIA for any help!   If I need to purchase some tech supt time, or pay for some consulting service, please advise.  I'm just hoping there are some IT folks here that have actually set this up and are able to help make sure I'm heading in the right direction.  

Andrew 'L'

CERTIFIED EXPERT

Commented:
I realize that you just purchased the ASA5506, but will suggest that you consider a different route altogether. Take a look at PFSense.com and their "free" firewall software. It is quick and easy to install on any reasonable PC (add a good quality dual- or quad-port NIC) and is VERY flexible in terms of features. If you can get by with support by other users, then there's no cost beyond whatever you use for hardware.

This is not at all to be critical of the ASA5506.  It is a very capable device, but you'll likely end up paying Cisco for ongoing licenses to get the features and support that you may well need.
Andrew Lietzow, Exec Dir/CIO

Author

Commented:
Thanks to CompProbSolv and Pete Long for quick responses.  I may not have complete mental clarity yet, but your posts were truly helpful.   Two different ways to skin the Digital VPN cat, and both seem excellent.   Some further research is in order.