They require a remote access VPN solution, which connects back to three locations - Scotland, London and New York (using ASAs or their existing PIX 515Es).
The users are geographically dispersed around the world, but with the majority in the UK and the US. The requirement has two main aspects -
1) High availability - the users connect to the primary location (i.e. Scotland) but if unavailable, they automatically connect to the secondary (i.e. London) and then to the tertiary (i.e. NY). I believe this can be achieved using the Cisco client software and specifying the three connections in order of preference.
2) 'Role based' authentication and access privileges. Therefore if a standard user connects, they only get access to a limited set of applications i.e. mail and web, but if an Administrator connects they would get access to a much larger set of apps. What is the simplest way of achieving this? Can Cisco VPN integrate with the Active Directory profiles already in use? Would I need Cisco ACS? If so, would I need ACS in all three locations? Would SSL or IPSec be a more appropriate technology?
ASA/PIX does support Active Directory profiles; however, for role-based authentication to work you will need ACS. The ACS will be required at a single location; however, a backup ACS is recommended in case the primary ACS fails for some reason. In your case I think SSL VPN will be a good choice.