cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
452
Views
10
Helpful
7
Replies

Help with choice of harware solution

csn_paul_
Level 1
Level 1

I am running a small company network of less than 50 employees and have little to no experience with VPN other than pptp and have no CISCO product experience. We are a small non-profit company and also have a limited budget. I am planning on adding several remote locations ina site-site vpn situation. currently, each person at the remote sites use pptp to connect to internal services such as intranet and client-server apps. I want something more secure as well as get them on the same network so I can remote manage their computers.

There are 10 remote sites, each with 2-5 users in each site. Will also occasionaly need to allow traveling users into the vpn.

I was looking at an ASA 5505 at the main office and possibly some 8xx series routers for each remote location. Will the 5505 handle that load or would a 5510 be what is needed?

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

Hi

An ASA5505 can support up to 100Mb of VPN traffic so it should more than meet your requirements.

But bear in mind that the numbers of site-to-ste and remote access vpn's it supports are quite low. As you need to support a minimum of 10 remote sites you already need the Security Plus license upgrade on the ASA 5505.

In case you haven't seen it attached is the ASA model comparison data sheet.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

You should always plan for future needs so if any of the figures look a bit too restricting think about going to the next model up.

HTH

Jon

Thanks for the quick response! Below is what i will receive with the ASA

"The ASA 5505 includes an 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, Triple Data Encryption Standard Virtual Private Network/Advanced Encryption Standard (3DES/AES) license, 1 expansion slot, and an unlimited user license. It delivers up to 150 Mbps of firewall throughput and 100 Mbps of VPN throughput"

So it appears I will have unlimited user license. Is that the same as what your mentioned?

Also, will each remote location need to have a unique subnet from each other? My internal network will be moved to 10.0.0.0, so I was planning on each remote location to be 10.0.x.0 or somthing of that sort. Is that even necessary?

Hi

No the unlimted user license is not the same as the 10/25 VPN restriction. Have a look at the datasheet.

Yes, to make the VPN setup simple use different subnets at each site.

HTH

Jon

Got it...looks like this would come with the 25 PVN peers. So that should be enough with room to grow.

thanks for the help!

guruprasadr
Level 7
Level 7

HI Paul, [PLS RATE if HELPS]

"800" Series router is highly enough for your small branch office setup.

Whereas you ASA 5505 should have enough interfaces availaible for connecting remote offices to the main office.

Neverthless, i am afraid whether ASA 5505 will support 10 site-to-site VPN Tunnels or not. Since ASA 5505 is also one of the Security Product i am aware it needs some kind of Security licenses purchased from Cisco. You can go for some 3800 Series Router at your main office which will have all capability of VPN, Security, etc., Features also it can handle more BO connectivity of any type and protocols. Atlast consider for your future expansion Projects also ! !

PLS RATE if HELPS

Best Regards,

Guru Prasad R

Thanks for the suggestions...but my company will not have access to the 3800 series routers...but would have access to 1811 router. It looks like it supports 50 tunnels supported with 40 Mbps 3DES @ 1400 byte packets.

Would this be preferrable to the ASA5505?

HI Paul,

Yes, 1800 Router will be support your request feature, in addition to the above please refer link below for 1800 Router DATA Sheet:

http://www.cisco.com/en/US/products/ps5853/index.html

INFO: Consider your future expansion plans.

Pls RATE if HELPS

Best Regards,

Guru Prasad R

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco