I'm finally looking to get rid of the PC that has run IPCop for me all these years. I want to replace it with a commercial hardware product. I'm wondering is there is anything cheaper than a Cisco ASA that is going to meet my needs. I need all of the following features to be supported by the product.
All ports must be gigabit.
I need at least 4 ports, but more would be nice.
RED - goes to my cable provider
GREEN - used for my home network
ORANGE - used for my kids home network
BLUE - used for wireless
The GREEN interface has access to the BLUE and ORANGE networks through NAT. However, those networks don't have access to any other network (except RED) unless I open specific holes for them.
For example, friends that come over can get on the BLUE wireless network and get out to the Internet, but they can't get to anything else. When I want to use the wireless, I have a hole open on GREEN network that allows BLUE network users to VPN into a server on the GREEN network. Once I'm VPN'd in, I can access the whole green network. I can access the BLUE network from the GREEN network without having to do a thing.
The same thing applies to the kid's ORANGE network. They can get out to the Internet and have their own printer on their network, but that is it. I can administer their machine from the GREEN network without having to do anything.
The unit does not need to have wireless built-in. I'm fine plugging in an access point to the BLUE network.
I'm hoping someone will tell me it is possible to accomplish all of this with something cheaper than an ASA.
All ports must be gigabit.
I need at least 4 ports, but more would be nice.
RED - goes to my cable provider
GREEN - used for my home network
ORANGE - used for my kids home network
BLUE - used for wireless
The GREEN interface has access to the BLUE and ORANGE networks through NAT. However, those networks don't have access to any other network (except RED) unless I open specific holes for them.
For example, friends that come over can get on the BLUE wireless network and get out to the Internet, but they can't get to anything else. When I want to use the wireless, I have a hole open on GREEN network that allows BLUE network users to VPN into a server on the GREEN network. Once I'm VPN'd in, I can access the whole green network. I can access the BLUE network from the GREEN network without having to do a thing.
The same thing applies to the kid's ORANGE network. They can get out to the Internet and have their own printer on their network, but that is it. I can administer their machine from the GREEN network without having to do anything.
The unit does not need to have wireless built-in. I'm fine plugging in an access point to the BLUE network.
I'm hoping someone will tell me it is possible to accomplish all of this with something cheaper than an ASA.