Firewalling mixed environment with ADSL: doing it right?
Scenario: customer has eight sites, two of which are on an ethernet-type broadband connection (this is a service locally provided, with the router being fully transparent at the ISP side - you just plug an RJ45 in a socket and you are on the Net, with public IP address), six other sites are on ADSL. At present there is no connectivity between the sites (no VPNs or whatever). All sites are small (between 5 and 25 users each). In the future, more ADSL sites may be added. The two ethernet-sites have the main mail servers (Exchange), using XOSoft WANSync Exchange for replication (this product basically syncs the servers continuously across the WAN link).
The idea is:
The sites on ADSL will each be connected to the two ethernet sites (each ADSL site will have two VPNs: one to each of the ethernet sites). The Ethernet sites will have a VPN between them, and the VPNs to all of the ADSL sites. In other words: each ADSL site has two VPNs, and each ethernet site has seven VPNs at this stage (may have more later).
To do this, I am looking at getting 837's for each of the ADSL sites, and a 501 for one of the ethernet sites and a 515E for the other ethernet site. My question: would there be any likely issues with this? Many thanks in advance!
Re: Firewalling mixed environment with ADSL: doing it right?
Thanks very much for your reply, Yizhar - however, the problem is that where I am (New Zealand), ADSL is different from elsewhere (we use PPPoA with static or dynamic IP address supplied by ISP through a DHCP-type setup, and forced NAT). This makes it hard (and according to some sources impossible) to use VPNs across 501's on an ADSL connection. Which is why I went for the 837's. I need a device with built-in ADSL router...
Sites will have fixed IP, services will be Exchange email, web browsing, remote access for us for troubleshooting purposes...