tmaususer
asked on
VPN Router - bird's eye view
I work for a medium size company. We have a 5508x firewall with IPSEC Remote Access VPN setup on it and an AnyConnect setup too. These work fine when an individual client logs in with client software.
We have a remote warehouse that uses the VPN by logging in the same way – as a client.
Sometimes they complain about the speed. We were thinking if we bought an RV260 Remote VPN router that we could just put it at the warehouse and enter our public address and a few credentials and this would improve the speed and simplicity. It is not that simple. So, I have some questions.
Do we need two remote VPN routers, one at the main office and one at the warehouse? Then, do we need a separate Internet connection? Does the ASA act as the VPN router on our side?
I have a simple guide to set up the VPN router, but I am unclear about the general setup.
Do I need to set up a site-to-site tunnel, which I don’t know how to do? I barely understand the IPSEC, IKE, Diffie-Hellman, AES-192, etc. I imagine both sides have to match?
Anyway, I am not very clear on how the device functions. Do I need two, do I need to attach one to the firewall, what’s the general idea of how this works? Could someone give me a quick bird’s eye overview?
A site-site VPN vs a client-site VPN won't change the access speed. You will always be limited to the bandwidth of each end of the tunnel. A VPN will be slower than a direct connection since the data is encapsulated. This is measurable but not usually an issue.
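To put a number on the encapsulation cost mentioned in the answer above, here is an added example (not part of the original thread) that computes per-packet overhead for IPsec ESP in tunnel mode. It assumes IPv4, AES-CBC encryption (the 16-byte block size applies to any AES key length) and HMAC-SHA1-96 integrity; the function names are made up for this illustration.

```python
# Added example: per-packet overhead of ESP tunnel mode.
# Assumptions (not from the thread): IPv4, AES-CBC, HMAC-SHA1-96.
OUTER_IP = 20    # new IPv4 header added in tunnel mode
ESP_HEADER = 8   # SPI (4 bytes) + sequence number (4 bytes)
AES_BLOCK = 16   # AES block size; also the CBC IV length
ICV = 12         # truncated HMAC-SHA1-96 integrity check value
NATT_UDP = 8     # extra UDP header when NAT traversal (UDP/4500) is used


def esp_packet_size(inner_len, nat_t=False):
    """On-the-wire size of an inner IP packet of inner_len bytes."""
    # The ESP trailer adds pad-length (1) and next-header (1), and the
    # encrypted part is padded up to a multiple of the cipher block size.
    to_encrypt = inner_len + 2
    padding = (-to_encrypt) % AES_BLOCK
    size = OUTER_IP + ESP_HEADER + AES_BLOCK + to_encrypt + padding + ICV
    return size + (NATT_UDP if nat_t else 0)


def overhead_percent(inner_len, nat_t=False):
    """Share of the transmitted bytes that is encapsulation, in percent."""
    outer = esp_packet_size(inner_len, nat_t)
    return round(100.0 * (outer - inner_len) / outer, 1)


def max_inner_packet(link_mtu=1500, nat_t=False):
    """Largest inner packet that still fits the link MTU unfragmented."""
    n = link_mtu
    while esp_packet_size(n, nat_t) > link_mtu:
        n -= 1
    return n


if __name__ == "__main__":
    for inner in (64, 576, 1400):  # constructed sample packet sizes
        print(inner, esp_packet_size(inner), overhead_percent(inner), "%")
    print("max inner packet on a 1500-byte link:", max_inner_packet())
    print("same, behind NAT:", max_inner_packet(nat_t=True))
```

Large file-transfer packets lose only a few percent, while small packets pay proportionally much more; the tunnel itself is rarely the bottleneck compared with the Internet links at each end.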
ASKER
If I follow the VPN setup wizard in ASDM it wants me to enter an IKE pre-shared key but elsewhere warns that the key be shared with all VLAN connections. If I enter the same pre-shared key will the other VPN connections still work, or will a new hash be made and mess up the existing profiles?
A VLAN is not a VPN.
It will be a separate unique profile.
ASKER
Typo, I meant VPN.
ASKER
David was helpful in a similar question I asked.