Back Story:
I work in the IT Department for a company that got its start by being given space to work out of from a warehouse when my company first got its start about a decade ago. Ever since then, the owners of my company have provided "favors" to the owners of the warehouse.
The Problem
The warehouse has an old, poorly designed Microsoft Access 2003 application that has been hosted on my company's servers for a very long time. They connect to it via RDP.
We are in the process of upgrading our servers (and software) and want them completely off of our network due to the major pain it has been to support their lack of tech-savvy-ness, their old Windows Vista computers, and the fact that network printing kept breaking for them.
I am working on a solution to move their Access database in house for them. One of the needs is that the warehouse owner can connect to it from her house (the outside).
Our owners still don't want to abandon them, so here is our solution: Provide the Warehouse with a new desktop computer that will host the Microsoft Access database. Take out their home-grade router, and put in a Cisco ASA 5505 (on a free extended loan). Use File Sharing (so each of the other computers will also need Access 2003) so that everyone can get to it.
However, I'm still trying to figure out the best way to allow the user from the outside to connect to the Access resource.
I have already built the local interface, complete with working DHCP and pointing to OpenDNS' servers for DNS. I don't have their public IP address yet (although I know it's Static), so I will build out the public int as well.
I have built the Access List to allow traffic from the Warehouse owner's home (which is on Static IP), as well as traffic from my company, as we will continue to support them.
I'm not very familiar with Cisco, but have been studying (thinking about taking the CCNA soon), and have played around with the ASA we will eventually deploy to their location. My understanding is that the ASA can support VPN; is this correct?
In order for the external user to connect inside, would it make the most sense to build in VPN functionality into the ASA? Are there any caveats I should think about?
Or can you think of any better solution?
If you are looking to avoid VPN or RDP, you could isolate their network (if not done so already, for security), then use something like LogMeIn. If it's only for one person, a simple solution that's easy to support is what I'd be after. You'd be able to have them log in to the site, and securely connect to the hosting PC. No extra hardware needed.
Another solution is to publish the Access app via Remote Desktop RemoteApp. This requires terminal servers (Windows Server, standard edition will do) and licenses to match.
However, the end result is: