I need a cost effective solution that provides a reasonable amount of security.
The environment is a remote office using a cable Internet connection with a couple of public IP addresses. The site will contain two W2K3 domain security servers. One server will support our company domain and the other will support a training lab domain that is used by one of our suppliers (I control the lab hardware/software but the supplier is responsible for those who use it). I need to have a site-to-site VPN tunnel and Internet access for the company domain, but only need Internet access for the training lab domain. I have a Cisco PIX 515UR at the corporate office as well as a Cisco 3000 VPN Concentrator. In terms of spare equipment, I have a Cisco VPN3002 Hardware Client. The training domain will support up to a dozen people and the company domain will have about the same.
I have never set-up a hardware site-to-site VPN before (or a split tunnel) and am not sure how to lay out the network. I am somewhat concerned about preventing the lab domain from gaining access to our company domain - but it seems low risk. I need to buy a firewall (preferably Cisco to enhance interoperability with existing infrastructure). If I can use the 3002 for the corporate VPN tunnel, then I can buy an inexpensive PIX (501 - 50 user) to handle the Internet traffic for the remote office people as well as the training lab folks. Another solution is to run all of the "company" traffic back through the 3002 and just have the lab on the 501 (I just hate the thought remote offices using corporate bandwidth in both directions).
Any thoughts are appreciated.