Solution for small branch outlets

Unanswered Question
Apr 27th, 2007

Hi. Our corporate network runs on a Cisco-based MPLS system. We have 2 ASA Cisco firewalls which support our internet connection and VPN access. We are now being asked to open up a number of very small kiosk-style stores that basically will have 3 or 4 terminals that provide internet access to the public and 2 or 3 devices that will be standard corporate PCs that will only be used by employees.

We are wondering what would be the best way from a network point of view to provide this, and are thinking that maybe we should get ADSL installed at the store. We were then wondering if you could install a Cisco 800 router with its integrated switch and configure, say, ports 1-3 to go straight out to the internet without connecting to the corporate network, while the remaining ports would be configured to give a constant VPN connection either through our ASA or straight into our MPLS network.

The thing we don't know is if technically you can do this. Anyone know or have any suggestions?


dkeaton Fri, 04/27/2007 - 11:05

You can do this by creating two subnets (VLANs) on the 800 router. Create a nat statement that NATs the subnet you want to give Internet access. Create a crypto map that only tunnels and encrypts the other subnet that requires access back to corporate. I haven't used the ASA appliances yet, but have done this with the VPN3000 concentrators (acting as a hardware client) as well as to IOS routers (GRE/IPSec). So far this has worked well for up to about 6 users behind an 871 for us.
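
The split described in the reply above, written out as an IOS configuration; this is an added example, not part of the original post or the poster's own configuration. It also adds an inbound ACL on the public VLAN so the router does not route kiosk traffic into corporate address space. Assumptions: every address, ACL and map name, the 10.0.0.0/8 corporate range, the port-to-VLAN assignment and the `<PRE-SHARED-KEY>` placeholder are constructed for illustration.

```cisco
! Added sketch. Addresses, names and the key are constructed placeholders.
! Assumes: VLANs 10 and 20 already exist; Fa0-Fa3 are switch ports and
! Fa4 is the WAN port; kiosk terminals use static addresses.
ip access-list extended KIOSK-IN
 remark keep public terminals out of corporate address space
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended NAT-KIOSK
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended CORP-TRAFFIC
 remark head end needs the mirror image of this entry
 permit ip 10.50.20.0 0.0.0.255 10.0.0.0 0.255.255.255
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.10
crypto ipsec transform-set CORP-TS esp-aes esp-sha-hmac
crypto map CORP-VPN 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set CORP-TS
 match address CORP-TRAFFIC
!
interface FastEthernet0
 switchport access vlan 10
interface FastEthernet1
 switchport access vlan 10
interface FastEthernet2
 switchport access vlan 20
interface FastEthernet3
 switchport access vlan 20
interface Vlan10
 description public kiosk terminals (NAT to Internet only)
 ip address 192.168.10.1 255.255.255.0
 ip access-group KIOSK-IN in
 ip nat inside
interface Vlan20
 description corporate PCs (tunnel only, no NAT)
 ip address 10.50.20.1 255.255.255.0
interface FastEthernet4
 description WAN uplink
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 crypto map CORP-VPN
!
ip nat inside source list NAT-KIOSK interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

Because only Vlan10 is marked `ip nat inside` and only the corporate subnet appears in the crypto ACL, `show ip nat translations` should list kiosk addresses only and `show crypto ipsec sa` should show a single 10.50.20.0/24 proxy identity.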

asmith1972 Fri, 04/27/2007 - 11:32

Thank you - do you know if we would also be able to support Call Manager IPT in this type of setup?

