Looking for security-appliance for worldwide usage

Discussion in 'Cisco' started by Steffen Mauch, Nov 24, 2008.

  1. Hello,

    we have to connect several machines around the world with the internet. The
    connection would be mainly dsl. Our machines offer several services like
    http-server, special programming interfaces and so on. We want to use the
    security-appliance to manage the access to the several services. E. g.:
    group "user" is only allowed to access port 80 in ip a.a.a.a. All members of
    group "admin" are allowed to access every service and members of group
    "programmers" are only allowed to access port 4321 on ip a.a.a.a and
    So we have found some features such a device should have (only the important

    - Access-Controll with the possibility to grant "rights" (ip-adresses, ports
    or protocolls) to users or better groups which can have multiple users
    - Web-portal to offer instructions and grant access to web-based services
    (depending on the "rights" of the actuall user)
    - VPN-Access for direct acces on non web-services (e. g. programming
    interface), nice would be Web-SSL-VPN
    - Possiblity to tell actual IP-Adress of the device (when device has dynamic
    IP, similar to dyndns, we don't wan't to use an own bind-server)
    - Very important: The device should work on DSL-accounts around the world so
    it should:
    - automatically get the right DSL-Parameters (vci, vpi, Annex protocol,
    PPPoE, PPPoA, PPTP ....) or
    - should be configurable for different countries or
    - should have different "DSL-hardware" for specific countries but most
    of the "non connection related" configuration should be identical (e. g.
    user/group-management, firewall-settings, LAN-settings .....)

    Of course our company-bandwith isn't to big, wie have noch possibility to
    allow the devices to do a permanent VPN-connection to us. We have to
    establish the connections on demand.

    Nice to have would be configuration export as plain text (or xml or similar)
    to check the configuration into subversion.

    We have experimentet with the Cisco ASA5505 which fits most of the features
    but we have a lot of problems to connect them to the internet in different
    countries because the ASA dosn't "speak" the correct protocoll. We should be
    able to get the DSL-Parameters (ok, it is not easy but possible) so we could
    configure a device which supports the parameters. We have tried to use the
    ASA behind another router which would be deliverd by the local
    internet-provider but couldn't get it to work.

    Any ideas which device we could use?

    thank you for any ideas.

    Steffen Mauch

    P. S. hope my english isn't to bad.
    Steffen Mauch, Nov 24, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.