Help with choice of harware solution

Unanswered Question
Aug 6th, 2007

I am running a small company network of less than 50 employees and have little to no experience with VPN other than pptp and have no CISCO product experience. We are a small non-profit company and also have a limited budget. I am planning on adding several remote locations ina site-site vpn situation. currently, each person at the remote sites use pptp to connect to internal services such as intranet and client-server apps. I want something more secure as well as get them on the same network so I can remote manage their computers.

There are 10 remote sites, each with 2-5 users in each site. Will also occasionaly need to allow traveling users into the vpn.

I was looking at an ASA 5505 at the main office and possibly some 8xx series routers for each remote location. Will the 5505 handle that load or would a 5510 be what is needed?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Loading.
Jon Marshall Mon, 08/06/2007 - 09:12

Hi

An ASA5505 can support up to 100Mb of VPN traffic so it should more than meet your requirements.

But bear in mind that the numbers of site-to-ste and remote access vpn's it supports are quite low. As you need to support a minimum of 10 remote sites you already need the Security Plus license upgrade on the ASA 5505.

In case you haven't seen it attached is the ASA model comparison data sheet.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

You should always plan for future needs so if any of the figures look a bit too restricting think about going to the next model up.

HTH

Jon

csn_paul_ Mon, 08/06/2007 - 09:21

Thanks for the quick response! Below is what i will receive with the ASA

"The ASA 5505 includes an 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, Triple Data Encryption Standard Virtual Private Network/Advanced Encryption Standard (3DES/AES) license, 1 expansion slot, and an unlimited user license. It delivers up to 150 Mbps of firewall throughput and 100 Mbps of VPN throughput"

So it appears I will have unlimited user license. Is that the same as what your mentioned?

Also, will each remote location need to have a unique subnet from each other? My internal network will be moved to 10.0.0.0, so I was planning on each remote location to be 10.0.x.0 or somthing of that sort. Is that even necessary?

Jon Marshall Mon, 08/06/2007 - 09:24

Hi

No the unlimted user license is not the same as the 10/25 VPN restriction. Have a look at the datasheet.

Yes, to make the VPN setup simple use different subnets at each site.

HTH

Jon

csn_paul_ Mon, 08/06/2007 - 09:33

Got it...looks like this would come with the 25 PVN peers. So that should be enough with room to grow.

thanks for the help!

guruprasadr Mon, 08/06/2007 - 09:12

HI Paul, [PLS RATE if HELPS]

"800" Series router is highly enough for your small branch office setup.

Whereas you ASA 5505 should have enough interfaces availaible for connecting remote offices to the main office.

Neverthless, i am afraid whether ASA 5505 will support 10 site-to-site VPN Tunnels or not. Since ASA 5505 is also one of the Security Product i am aware it needs some kind of Security licenses purchased from Cisco. You can go for some 3800 Series Router at your main office which will have all capability of VPN, Security, etc., Features also it can handle more BO connectivity of any type and protocols. Atlast consider for your future expansion Projects also ! !

PLS RATE if HELPS

Best Regards,

Guru Prasad R

csn_paul_ Mon, 08/06/2007 - 09:38

Thanks for the suggestions...but my company will not have access to the 3800 series routers...but would have access to 1811 router. It looks like it supports 50 tunnels supported with 40 Mbps 3DES @ 1400 byte packets.

Would this be preferrable to the ASA5505?

Actions

This Discussion