Our Company has 4 offices. The total employee count for all offices is ~350. No expected growth. I want to have a cost effective solution to get rid of our Frame Relay (hub and spoke) and have Site to Site VPN's but also do Remote access....is PIX best? Routers? Concentrators??
The answer to your Q is Yes. You have to come up with a policy for your company to use PIX fire wall at Central site and IOS routers at branch offices. You have to look at your current addressing scheme and decide if it is the best one to use. You have to decide as to how much of the traffic stays internal to your individual sites and how much is going through your current FR links. If you want a large number of sessions between your main office and other branch offices, you may need a VPN concentrator inaddition to a PIX fire wall at the central site.
You can create VPNs between PIX at central office and routers at remote sites. You can also use VPN clients on mobile users and connect to PIX and also to routers (IOS V12.2 and VPN client 3.5.1). Should you need more information, there are plenty of design documents on CCO and also SAFE document is available which will be helpful.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...