VPN setup suggestion on mission critical app

I have 3 remote retail locations connecting POS registers and PC's to a corporate office over dedicated lines (Fract T1's).  The stores have recently had DSL installed to allow for Inet access.

The Fractional T1's are killing the owner in monthly costs and he would like to explore alternatives.

My question is this:

Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?

If so, what type of hardware would you recommend.  Keep in mind that the owner is a little tight fisted ;-)

Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's.  Any suggestions as to how to migrate from the dedicated setup to the VPN?

Gave this 500 points because I need to have feedback ASAP.

Who is Participating?
lrmooreConnect With a Mentor Commented:
I've setup several mission-critical systems that operate over a VPN using a wide variety of Cisco products. It all depends on the application that runs over it. Some applications depend on broadcasts which don't go across VPN tunnels. Some applications use Multicasting which does not do well over VPN's. Etc, etc, etc...
However, the very definition of "mission-critical" means that it does not depend on the Internet as the carrier. The Internet at large is the very big unknown and uncontrollable potential black hole..

The tight fisted part is not going to make this possible. POS.....PC.....Internet.....no money....all this spells disasterous security issues. If money was  more freely available to you there is only one solution that I reccomend and have setup for over 8 separate site to site vpn solutions on DSL connections.

Main office and each branch location runs MS ISA firewall server. Create site to site VPN connections between the each branch to the main. This can be done using L2TP connections for better security than PPTP.

This setup can run somewhere near 2,500 per site with software licensing and low end severs to do the grunt work. That is with no consulting to set it up. Not selling here, the documents to set it up are readily available, it just depends on the comfort level of the person doing the installs.

The bottom line is,,,,how important is his data? Is it revenue tied (wiht POS,,,,,I'd think so). He needs to realize money will gain him secure communications.

I wish I could tell you of a cheap, easy, yet secure method, but simply can't.

One thing I have seen here, is ISPs offerring to setup a private network for you.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this seperate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

I could suggest a Cisco solution that uses low-end 800 series DSL routers at the stores, and a 2600 series with T1 Internet access at the HQ. Using IPSEC over multipoint GRE makes it a snap, and allow QoS over the links. No more T1 costs at  the stores.


Any progress? Are you still working on this? Do you need more information?
blueoakmoAuthor Commented:
Actually, still waiting on MCI and Birch Telecom for config info this morning when the POS software provider indicated that the current system will not work over VPN.... he COULD sell me a newer solution that works over VPN, of course.

Thanks for the suggestion.

My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
blueoakmoAuthor Commented:
Thanks lrmoore.  A little disappointed there wasn't more feedback, but thought I should clean this up.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.