Hi, we have 2 remote offices that are in a shared building. The building has an internet connection and we are given a port that we can plug a switch into, and from this we can plug in our PCs, which get an IP address that allows them to connect to the network.
Now our main office has an ASA firewall and we would like the users at these remote locations to be able to connect to our corporate network via the ASA.
We know we can do this using VPN and having each user double-click on a VPN client on their desktop. But we would like to have an "always on" solution so that the router or switch does the VPN connect.
Would you say it would be better for us to get a router to do this, or can a switch also do a VPN connect to an ASA firewall?
There are several reasons for using a firewall, ASA, in this configuration.
Right now you plug yourself into an unknown source of Internet access and try to defend yourself with the software "firewalls" that make up the VPN client or such (XP "firewall").
This is a security nightmare and will not work in the long run.
If I was consulted to help you sort this out I would start with 2 ASA5505, which have 8 ports each. One ASA-5505 for each remote office.
The ASA will act both as a firewall and shelter your machines from the unwanted traffic from Internet.
Now if we are lucky that's enough for the regional offices since the ASA-5505 is both a firewall and a switch. ASA-5505 is an 8 port device, and in this scenario you would use 1 external and 7 internal interfaces. Hopefully you do not have more than 7 IP devices (computers) on those unsecure networks right now.
If you do have more computers on the network then I would recommend a 2960 switch to go with that ASA.
Most bang for the buck.