VPN setup suggestion on mission critical app

Posted on 2004-10-20
Last Modified: 2010-04-10
I have 3 remote retail locations connecting POS registers and PC's to a corporate office over dedicated lines (Fract T1's).  The stores have recently had DSL installed to allow for Inet access.

The Fractional T1's are killing the owner in monthly costs and he would like to explore alternatives.

My question is this:

Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?

If so, what type of hardware would you recommend.  Keep in mind that the owner is a little tight fisted ;-)

Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's.  Any suggestions as to how to migrate from the dedicated setup to the VPN?

Gave this 500 points because I need to have feedback ASAP.

Question by:blueoakmo

Expert Comment

ID: 12359369
The tight fisted part is not going to make this possible. money....all this spells disasterous security issues. If money was  more freely available to you there is only one solution that I reccomend and have setup for over 8 separate site to site vpn solutions on DSL connections.

Main office and each branch location runs MS ISA firewall server. Create site to site VPN connections between the each branch to the main. This can be done using L2TP connections for better security than PPTP.

This setup can run somewhere near 2,500 per site with software licensing and low end severs to do the grunt work. That is with no consulting to set it up. Not selling here, the documents to set it up are readily available, it just depends on the comfort level of the person doing the installs.

The bottom line is,,,,how important is his data? Is it revenue tied (wiht POS,,,,,I'd think so). He needs to realize money will gain him secure communications.

I wish I could tell you of a cheap, easy, yet secure method, but simply can't.


Expert Comment

ID: 12359637
One thing I have seen here, is ISPs offerring to setup a private network for you.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this seperate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
LVL 79

Expert Comment

ID: 12360319
I could suggest a Cisco solution that uses low-end 800 series DSL routers at the stores, and a 2600 series with T1 Internet access at the HQ. Using IPSEC over multipoint GRE makes it a snap, and allow QoS over the links. No more T1 costs at  the stores.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 79

Expert Comment

ID: 12403473
Any progress? Are you still working on this? Do you need more information?

Author Comment

ID: 12404505
Actually, still waiting on MCI and Birch Telecom for config info this morning when the POS software provider indicated that the current system will not work over VPN.... he COULD sell me a newer solution that works over VPN, of course.

Thanks for the suggestion.

My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 12404593
I've setup several mission-critical systems that operate over a VPN using a wide variety of Cisco products. It all depends on the application that runs over it. Some applications depend on broadcasts which don't go across VPN tunnels. Some applications use Multicasting which does not do well over VPN's. Etc, etc, etc...
However, the very definition of "mission-critical" means that it does not depend on the Internet as the carrier. The Internet at large is the very big unknown and uncontrollable potential black hole..


Author Comment

ID: 12698982
Thanks lrmoore.  A little disappointed there wasn't more feedback, but thought I should clean this up.
LVL 79

Expert Comment

ID: 12699190

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question