Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Firewall between HQ and Remote Site Question

Hi,

we are planning on connecting a new aquired company to ours soon?We will connect the remote site to the HQ via a D3. I've been told we will need to have a firewall between them and us for a time. I was thinking of terminating the D3 connection at the remote site of 80 users.

Can I use the asr as a firewall as well, to protect the HQ from the Remote site - or should I use a seperate appliance?

I was thinking of a asa5505 but, am concerned with bandwidth limitations of the box?

Physically, where would be the best place to place the firewall?

Thanks, Pat.

1 REPLY

Firewall between HQ and Remote Site Question

Hi Bro

Yes, you can place a Cisco ASR in between your office and the newly acquired office, if it’s a temporary solution, since you’re gonna discontinue the DS3 line anyway.

Nonetheless, if this is a permanent solution, a Cisco ASA 5505 would best suite here. After all, the DS3 bandwidth is 45Mbps and the Cisco ASA 5505 hardware throughput is 150Mbps. Furthermore, you can have an IPS module inserted into the Cisco ASA 5505 to enhance security e.g. Layer 7 packet inspection, anomaly detection etc.

It is always best to place the FW from where the source is coming from. In your case, it will be best that the FW is placed in the newly acquired office. With this, only legitimate packets will utilize the DS3 line. If you were to place the FW or ASR in your office instead, garbage packets will flow from the newly acquired office to your office, and only to be inspected in your office. That’s never the way to go.

Part Num.          ASA5505-SEC-BUN-K9

Part Desc.         Cisco ASA 5505 Unlimited-User Security Plus Bundle includes 8-port Fast Ethernet switch,

                        25 IPsec VPN peers, 2 Premium VPN peers, DMZ, stateless Active/Standby high

                        availability, 3DES/AES license

Part Num.          ASA5505-U-AIP5P-K9    

Part Desc.         Cisco ASA 5505 unlimited user with AIP SSC-5 and Security Plus License bundle

P/S: If you think this comment is helpful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
251
Views
0
Helpful
1
Replies
CreatePlease to create content