I am running a small company network of less than 50 employees and have little to no experience with VPN other than pptp and have no CISCO product experience. We are a small non-profit company and also have a limited budget. I am planning on adding several remote locations ina site-site vpn situation. currently, each person at the remote sites use pptp to connect to internal services such as intranet and client-server apps. I want something more secure as well as get them on the same network so I can remote manage their computers.
There are 10 remote sites, each with 2-5 users in each site. Will also occasionaly need to allow traveling users into the vpn.
I was looking at an ASA 5505 at the main office and possibly some 8xx series routers for each remote location. Will the 5505 handle that load or would a 5510 be what is needed?
An ASA5505 can support up to 100Mb of VPN traffic so it should more than meet your requirements.
But bear in mind that the numbers of site-to-ste and remote access vpn's it supports are quite low. As you need to support a minimum of 10 remote sites you already need the Security Plus license upgrade on the ASA 5505.
In case you haven't seen it attached is the ASA model comparison data sheet.
Thanks for the quick response! Below is what i will receive with the ASA
"The ASA 5505 includes an 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, Triple Data Encryption Standard Virtual Private Network/Advanced Encryption Standard (3DES/AES) license, 1 expansion slot, and an unlimited user license. It delivers up to 150 Mbps of firewall throughput and 100 Mbps of VPN throughput"
So it appears I will have unlimited user license. Is that the same as what your mentioned?
Also, will each remote location need to have a unique subnet from each other? My internal network will be moved to 10.0.0.0, so I was planning on each remote location to be 10.0.x.0 or somthing of that sort. Is that even necessary?
"800" Series router is highly enough for your small branch office setup.
Whereas you ASA 5505 should have enough interfaces availaible for connecting remote offices to the main office.
Neverthless, i am afraid whether ASA 5505 will support 10 site-to-site VPN Tunnels or not. Since ASA 5505 is also one of the Security Product i am aware it needs some kind of Security licenses purchased from Cisco. You can go for some 3800 Series Router at your main office which will have all capability of VPN, Security, etc., Features also it can handle more BO connectivity of any type and protocols. Atlast consider for your future expansion Projects also ! !
Thanks for the suggestions...but my company will not have access to the 3800 series routers...but would have access to 1811 router. It looks like it supports 50 tunnels supported with 40 Mbps 3DES @ 1400 byte packets.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...