Cisco Support Community

New Member

Switch or a Router

Hi, we have 2 remote offices that are in a shared building. The building has an internet connection and we are given a port that we can plug a switch into, and from this we can plug in our PCs, which get an IP address that allows them to connect to the network.

Now our main office has an ASA firewall and we would like the users at these remote locations to be able to connect to our corporate network via the ASA.

We know we can do this using VPN and having each user double click on a VPN client on their desktop. But we would like to have an "always on" solution so that the router or switch does the VPN connect.

Would you say it would be better for us to get a router to do this, or can a switch also do a VPN connect to an ASA firewall?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Switch or a Router

Hi

There are several reasons for using a firewall, ASA, in this configuration.

Right now you plug yourself into an unknown source of Internet access and try to defend yourself with the software "firewalls" that make up the VPN client or such (XP "firewall").

This is a security nightmare and will not work in the long run.

If I was consulted to help you sort this out I would start with 2 ASA5505, which have 8 ports each. One ASA-5505 for each remote office.

The ASA will act both as a firewall and shelter your machines from the unwanted traffic from the Internet.

Now if we are lucky that's enough for the regional offices, since the ASA-5505 is both a Firewall and a Switch. ASA-5505 is an 8 port device, and in this scenario you would use 1 external and 7 internal interfaces. Hopefully you do not have more than 7 IP devices (computers) on those unsecure networks right now.

If you do have more computers on the network then I would recommend a 2960 switch to go with that ASA.

Most bang for the buck.

Good luck

3 REPLIES
Hall of Fame Super Blue

Re: Switch or a Router

Hi

I would recommend either a router or another ASA device. If you get a router, make sure that it has the right IOS on it, usually something along the lines of advanced security features, so that you can create VPNs.

Switches generally speaking do not support IPsec VPNs.

HTH

Jon

New Member

Re: Switch or a Router

Generally switches cannot do VPN connections (except 6500/4500 with special modules).

ASA is your best choice here - good performance and no interoperability issues with your main ASA.

