
Switch or a Router

asmith1972
Level 1

Hi, we have 2 remote offices that are in a shared building. The building has an internet connection and we are given a port that we can plug a switch into, and from this we can plug in our PCs, which get an IP address that allows them to connect to the network.

Now our main office has an ASA firewall and we would like the users at these remote locations to be able to connect to our corporate network via the ASA.

We know we can do this using VPN and having each user double-click on a VPN client on their desktop. But we would like to have an "always on" solution so that the router or switch does the VPN connect.

Would you say it would be better for us to get a router to do this, or can a switch also do a VPN connect to an ASA firewall?

Thanks

1 Accepted Solution

hobbe
Level 7

Hi

There are several reasons for using a firewall, ASA, in this configuration.

Right now you plug yourself into an unknown source of Internet access and try to defend yourself with the software "firewalls" that make up the VPN client or such (XP "firewall").

This is a security nightmare and will not work in the long run.

If I was consulted to help you sort this out I would start with 2 ASA5505, which have 8 ports each. One ASA-5505 for each remote office.

The ASA will act both as a firewall and shelter your machines from the unwanted traffic from the Internet.

Now if we are lucky that's enough for the regional offices, since the ASA-5505 is both a firewall and a switch. The ASA-5505 is an 8 port device, and in this scenario you would use 1 external and 7 internal interfaces. Hopefully you do not have more than 7 IP devices (computers) on those unsecure networks right now.

If you do have more computers on the network then I would recommend a 2960 switch to go with that ASA.

Most bang for the buck.

Good luck

3 Replies

Jon Marshall
Hall of Fame

Hi

I would recommend either a router or another ASA device. If you get a router make sure that it has the right IOS on it, usually something along the lines of advanced security features, so that you can create VPNs.

Switches, generally speaking, do not support IPsec VPNs.

HTH

Jon

Generally switches cannot do VPN connections (except 6500/4500 with special modules).

ASA is your best choice here - good performance and no interoperability issues with your main ASA.
