I work for a non-profit so money is tight for the IT department. Headquarters consists of 25 users and there are three sattelite offices consisting of only two people in each office. I am looking for as low of a cost hardware solution as possible for a Cisco Firewall with VPN capabilities at headquarters. Doesn't have to be a PIX......could be Cisco Router (again.....must have VPN).
Also, could I get away with using WIndows 2000 VPN capabilities (without a VPN hardware device) out at the remote offices connecting to your recommended hardware Firewall / VPN device? Or do I need to go hardware device (remote client) to hardware device (at headquarters) when building the VPN?
its a bit difficult to implement a Cisco solution without having money to do it, isnt it? First you need the central internet connection with permanent ip address. Traffic from your three sattelites defines your needed bandwith there. And finally your provider must tell you, which port is needed to connect to the internet. Then you can choose a product for connction. If you can do it by ethernet (PPPoE is no problem) then I think, the PIX 501 with 3DES/AES encryption license is the cheapest way (but not optimal). On the remote sites you can use the Cisco VPN-Client to connect to the PIX. Only 10 SAs at one time an limited throughput, but cheap.
Thank you for your help Norbert. At 56Bit DES, I think the 6Mbps will be adequate for our 5 remote VPN users, although there is not much room for growth (10 max with licenses), but if I'm correct on this, I could always purchase more licenses and add to that?
And I believe it will be mostle inbound VPN access as I don't think there will be much outbound VPN from HQ to the remote sites.
It appears to be a pretty good solution but like you said, not optimal.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :