VPN Question

barquera

Hi All,

I need assistance.
On-site I have two ASA-5520's (Primary and Secondary).
I have 3 remote sites. 5 users at each remote site.
I need them to connect via VPN to my network.
What is the best and cheapest solution?

I was told that I can purchase a small VPN box for each individual PC and that these boxes can keep a constant connection and don't require the remote site admin to change anything on his router/firewall/switches.
Has anyone heard of this type of solution?
The guy that told me about it never told me the name of the product and I can't get in contact with him anymore.

ChooseLife

barquera wrote: »

I was told that I can purchase a small VPN box for each individual PC and that these boxes can keep a constant connection and don't require the remote site admin to change anything on his router/firewall/switches.
Has anyone heard of this type of solution?

Yes, this is quite a common scenario. Each of the remote sites would need their own VPN gateway. VPN gateway is often implemented as a feature on routers/firewalls. If you already have a router/firewall at remote sites, check whether they support VPN. If not, there is a wide selection of products on the market - from cheap Linksys boxes to Cisco ASA's to software-based solutions (openvpn, MS ISA, etc...)

barquera

Yes, the remote sites do have their own router/firewall.
I am assuming that the way it will work is that I will install these small boxes at each remote-site PC. Then make any necessary changes on my Firewall here.
The user at the remote site will then have a constant VPN tunnel through this tiny box to my ASA-5520.

Do you know what those boxes are called that I can get?

Chris_

Why would you want hardware per Pc? If you really want a VPN per Pc then why not use a soft VPN client. Otherwise I would recommend a site to site VPN for each remote site using the existing router, if it supports VPN.

SteveO86

Either a software VPN (Cisco VPN Client) per PC and have each user sign in when they need company resources.

Or

1 VPN Device at each site.. (Could be anything from a Cisco ASA 5505 to a 2801 with Adv Security IOS and configure the VPN with Firewall on that device)

ChooseLife

barquera wrote: »

I am assuming that the way it will work is that I will install these small boxes at each remote-site PC.

Not exactly. You can technically do it this way, but this would be a rather unusual set up. Instead, you would want to set up your branch router/firewall as the VPN box, and then all PCs at that site would use it when they needed to connect to the HQ over VPN. Does that makes sense?

You can also set up remote VPN from each PC to the HQ. This is typically done by using software VPN client, rather than dedicated hardware. The only reason I see to do it this way is if you have high security requirements (e.g. branch network is untrusted).