We are planning to setup a network with a Head Office and 8 branch offices. All the branch offices have got less than 20 users and they need to access DB server and File server in HO. At present we have got Cisco 1900 ISR on all the branch offices and ASA 5505 in HO. Can we setup a VPN network between these sites. If so how do we design this? Is there a Cisco design documentation to do the same?
With the ASA at your head office you cannot use DMVPN as your overlay so we typically fall back to the IPsec LAN-LAN VPN (sometimes referred to as site-site). There are many many configuration examples for this - see, for example, the ones under the heading "Site to Site VPN" here:
Withe respect to routing, the simplest method is if the 5505 and the remote site 1900 ISR routers are the default gateway for their respective site. If so, the the access-lists on each device identify traffic destined for one of the remote sites and encapsulate it into IPsec for transmission to the peer's public IP address. At the distant end it is received, decapsulated and passed on the the remote hosts.
Of the two you mentioned just now, the DMVPN is more scalable. The first example is a 7 year old document and many organizations find it much more labor intensive to keep up all of those manually configured access-lists and other configuration bits.
An even more flexible approach, although less well-documented due to its relative age, is FlexVPN. See the FlexVPN data sheet for an overview of its advantages:
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...