Solved

VPN setup suggestion on mission critical app

Posted on 2004-10-20
8
340 Views
Last Modified: 2010-04-10
I have 3 remote retail locations connecting POS registers and PCs to a corporate office over dedicated lines (Fract T1s). The stores have recently had DSL installed to allow for Inet access.

The Fractional T1s are killing the owner in monthly costs and he would like to explore alternatives.

My question is this:

Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?

If so, what type of hardware would you recommend? Keep in mind that the owner is a little tight-fisted ;-)

Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's.  Any suggestions as to how to migrate from the dedicated setup to the VPN?

Gave this 500 points because I need to have feedback ASAP.

TIA
0
Comment
Question by:blueoakmo
8 Comments
 
LVL 9

Expert Comment

by:TannerMan
ID: 12359369
The tight-fisted part is not going to make this possible. POS... PC... Internet... no money... all this spells disastrous security issues. If money was more freely available to you, there is only one solution that I recommend and have set up for over 8 separate site-to-site VPN solutions on DSL connections.

Main office and each branch location run MS ISA firewall server. Create site-to-site VPN connections from each branch to the main. This can be done using L2TP connections for better security than PPTP.

This setup can run somewhere near 2,500 per site with software licensing and low-end servers to do the grunt work. That is with no consulting to set it up. Not selling here, the documents to set it up are readily available, it just depends on the comfort level of the person doing the installs.

The bottom line is... how important is his data? Is it revenue tied (with POS... I'd think so). He needs to realize money will gain him secure communications.

I wish I could tell you of a cheap, easy, yet secure method, but simply can't.

0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12359637
One thing I have seen here is ISPs offering to set up a private network for you.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this separate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12360319
I could suggest a Cisco solution that uses low-end 800 series DSL routers at the stores, and a 2600 series with T1 Internet access at the HQ. Using IPSEC over multipoint GRE makes it a snap, and allows QoS over the links. No more T1 costs at the stores.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801e6206.shtml

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12403473
Any progress? Are you still working on this? Do you need more information?
0
 

Author Comment

by:blueoakmo
ID: 12404505
Actually, still waiting on MCI and Birch Telecom for config info this morning when the POS software provider indicated that the current system will not work over VPN.... he COULD sell me a newer solution that works over VPN, of course.

Thanks for the suggestion.

My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12404593
I've set up several mission-critical systems that operate over a VPN using a wide variety of Cisco products. It all depends on the application that runs over it. Some applications depend on broadcasts which don't go across VPN tunnels. Some applications use Multicasting which does not do well over VPNs. Etc, etc, etc...
However, the very definition of "mission-critical" means that it does not depend on the Internet as the carrier. The Internet at large is the very big unknown and uncontrollable potential black hole.

0
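
An added example, not part of the thread or any poster's code: one way to check, before moving a POS application onto a VPN, whether its traffic relies on the broadcasts or multicast that the accepted answer warns about. The flow list, the store subnet 10.1.1.0/24 and the function names are constructed for illustration; in practice the flows would come from a packet capture taken at a store.

```python
import ipaddress
from collections import Counter

# Constructed sample: (source, destination, dst_port) tuples as they might be
# exported from a capture at one store. All addresses and ports are made up.
SAMPLE_FLOWS = [
    ("10.1.1.21", "10.0.0.5", 1433),         # register -> HQ server (unicast)
    ("10.1.1.21", "10.1.1.255", 137),        # subnet (directed) broadcast
    ("10.1.1.22", "255.255.255.255", 5000),  # limited broadcast discovery
    ("10.1.1.22", "239.1.2.3", 6000),        # multicast feed
    ("10.1.1.23", "224.0.0.251", 5353),      # link-local multicast
    ("10.1.1.23", "10.0.0.5", 1433),
]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")


def classify(dst, local_net):
    """Classify a destination address relative to the store's own subnet."""
    addr = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(local_net)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr == net.broadcast_address:
        return "subnet-broadcast"
    if addr.is_multicast:
        # 224.0.0.0/24 is link-local scope and is not forwarded by routers.
        if addr in LINK_LOCAL_MCAST:
            return "link-local-multicast"
        return "routable-multicast"
    return "unicast"


def tunnel_risks(flows, local_net):
    """Return (counts per class, list of non-unicast flows to investigate)."""
    counts = Counter()
    flagged = []
    for src, dst, port in flows:
        kind = classify(dst, local_net)
        counts[kind] += 1
        if kind != "unicast":
            flagged.append((src, dst, port, kind))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = tunnel_risks(SAMPLE_FLOWS, "10.1.1.0/24")
    print(dict(counts))
    for row in flagged:
        print("check with vendor:", row)
```

Any flagged flow is a question for the application vendor: if the application cannot work without that traffic reaching the corporate side, a routed site-to-site tunnel alone will not carry it.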
 

Author Comment

by:blueoakmo
ID: 12698982
Thanks lrmoore.  A little disappointed there wasn't more feedback, but thought I should clean this up.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12699190
Thanks!
0
