Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Solution for small branch outlets

Hi Our corportate network runs on a cisco based MPLS system. We have 2 ASA Cisco Firewalls which support our internet connection and VPN access. We are now being asked to open up a number of very small kiosk style stores that basically with have 3 or 4 terminals that provide internet access to the public and 2 or 3 devices that will be standard corporate PCs that will only be used by employees.

We are wondering what would be the best way from a network point of view to provide this. And are thinking that maybe we should get ADSL installed at the store. And then we were wondering if you could install a Cisco 800 router with its integrated switch and then configure say ports 1-3 to go straight out to the internet without connecting to the corportate network and the remaining ports would be configured to give a constant VPN connect either through our ASA or straight into our MPLS network.

The thing we don't know if techinically you can do this. Anyone know or have any suggestions?


New Member

Re: Solution for small branch outlets

You can do this by creating two subnets (VLANs) on the 800 router. Create a nat statement that NATs the subnet you want to give Internet access. Create a crypto map that only tunnels and encrypts the other subnet that requires access back to corporate. I haven't used the ASA appliances yet, but have done this with the VPN3000 concentrators (acting as a hardware client) as well as to IOS routers (GRE/IPSec). So far this has worked well for up to about 6 users behind an 871 for us.

New Member

Re: Solution for small branch outlets

thank you - do you know if we would also be able to support Call Manager IPT in this type of setup?

CreatePlease to create content