we are planning on connecting a new aquired company to ours soon?We will connect the remote site to the HQ via a D3. I've been told we will need to have a firewall between them and us for a time. I was thinking of terminating the D3 connection at the remote site of 80 users.
Can I use the asr as a firewall as well, to protect the HQ from the Remote site - or should I use a seperate appliance?
I was thinking of a asa5505 but, am concerned with bandwidth limitations of the box?
Physically, where would be the best place to place the firewall?
Yes, you can place a Cisco ASR in between your office and the newly acquired office, if it’s a temporary solution, since you’re gonna discontinue the DS3 line anyway.
Nonetheless, if this is a permanent solution, a Cisco ASA 5505 would best suite here. After all, the DS3 bandwidth is 45Mbps and the Cisco ASA 5505 hardware throughput is 150Mbps. Furthermore, you can have an IPS module inserted into the Cisco ASA 5505 to enhance security e.g. Layer 7 packet inspection, anomaly detection etc.
It is always best to place the FW from where the source is coming from. In your case, it will be best that the FW is placed in the newly acquired office. With this, only legitimate packets will utilize the DS3 line. If you were to place the FW or ASR in your office instead, garbage packets will flow from the newly acquired office to your office, and only to be inspected in your office. That’s never the way to go.
Part Num. ASA5505-SEC-BUN-K9
Part Desc. Cisco ASA 5505 Unlimited-User Security Plus Bundle includes 8-port Fast Ethernet switch,
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :