I just found out that we are bringing on two more employees, both of whom will be working from their homes (they live in Los Angeles, CA, home office is in Spokane, WA).
We will be putting a local PC and Cisco IP Phone at each of their homes, and traditionally we have been using a PIX 501 and a VPN tunnel to accomplish the connectivity. We have three other employees already set up like this.
Because of the additional employees, I am going to be getting the funding for a new "hub" VPN device here at the main office and I want to do it right and move the current VPN users over to it as well (we are currently using a NetGear VPN router and it has reached its capacity). I was planning on using an ISR router with Cisco IOS Firewall to do the IPSEC VPNs, but I would like to know if the NetPro community has any suggestions on whether or not that would be a good idea or what would be a better solution.
We will need to give the remote users access to multiple subnets here at the main office, and would like their Internet access to bypass the tunnel and leave from their remote devices to cut down on traffic.
I hope I have provided enough information, my mind is reeling from the prospect of my network growing very quickly. :)
Thanks for any and all suggestions you can provide,
There will be between 8 and 10 IPSEC VPN tunnels initially, and it could grow to 20-25 depending on other factors in the future.
In addition, I would like to use SSL VPN to replace our PPTP dial-in VPN connections. There are generally between 5 and 10 of those connected at a time.
Throughput shouldn't be a problem because we will be limited by the T1 incoming Internet feed.
This device will be for VPN termination only, all other services are handled by a 2821 ISR.
I am infinitely more familiar and comfortable with IOS configuration than I am with PIX, and I haven't had any experience with ASA.
I have my eye on an 1841 ISR security bundle right now, and it looks like it can handle everything I'm looking for, with the possible exception of SSL VPN.. I do not know if it supports that or what other licenses I would need to get that support.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...