I'll have a total of 3 physical sites, 2 of which will aggregate to Site 2 via single-mode fiber.
Site 1 -> Site 2
Site 3 -> Site 2
I have implemented site-to-site VPNs before, but this seems a bit different to me. I'll need to connect from Site 1 to Site 3 going through Site 2. These links need to be encrypted as well. I assume a firewall placed at Site 2 would be capable of decrypting/encrypting if a request is made from Site 1 to Site 3?
In terms of logical topology, is it common/best practice to NAT a routable IP into a private address space for use behind the firewall?
This is going to be a private network which will not be connected to any other public or private network.
My hardware choices are:
ASA 5510, 5520, 5540
I am looking at the product lists for the ASA series. I have some specific questions regarding throughput. I am confused by the numbers below. I understand the firewall throughput, but what about the VPN throughput? In Cisco terms, does VPN also equal Encryption/IPSec? How can I determine my throughput with encryption configured?
Firewall Throughput: Up to 300 Mbps
Maximum Firewall and IPS Throughput:
  Up to 150 Mbps with AIP SSM-10
  Up to 300 Mbps with AIP SSM-20
VPN Throughput: Up to 170 Mbps
In terms of hardware, the ASA 5550 supports 4 SFP fiber ports. Is there a module I can put into one of the lower-end ASAs to get fiber SFP ports? If not, I assume the only other way to connect fiber to an ASA is through a transceiver, correct?
I would also appreciate any configuration/implementation guides you might know of for firewall encryption.
Sorry for the long-winded post. Thanks in advance for any help/advice.