blueoakmo
asked on
VPN setup suggestion on mission critical app
I have 3 remote retail locations connecting POS registers and PC's to a corporate office over dedicated lines (Fract T1's). The stores have recently had DSL installed to allow for Inet access.
The Fractional T1's are killing the owner in monthly costs and he would like to explore alternatives.
My question is this:
Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?
If so, what type of hardware would you recommend. Keep in mind that the owner is a little tight fisted ;-)
Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's. Any suggestions as to how to migrate from the dedicated setup to the VPN?
Gave this 500 points because I need to have feedback ASAP.
TIA
The Fractional T1's are killing the owner in monthly costs and he would like to explore alternatives.
My question is this:
Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?
If so, what type of hardware would you recommend. Keep in mind that the owner is a little tight fisted ;-)
Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's. Any suggestions as to how to migrate from the dedicated setup to the VPN?
Gave this 500 points because I need to have feedback ASAP.
TIA
One thing I have seen here, is ISPs offerring to setup a private network for you.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this seperate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this seperate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
I could suggest a Cisco solution that uses low-end 800 series DSL routers at the stores, and a 2600 series with T1 Internet access at the HQ. Using IPSEC over multipoint GRE makes it a snap, and allow QoS over the links. No more T1 costs at the stores.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801e6206.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801e6206.shtml
Any progress? Are you still working on this? Do you need more information?
ASKER
Actually, still waiting on MCI and Birch Telecom for config info this morning when the POS software provider indicated that the current system will not work over VPN.... he COULD sell me a newer solution that works over VPN, of course.
Thanks for the suggestion.
My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
Thanks for the suggestion.
My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks lrmoore. A little disappointed there wasn't more feedback, but thought I should clean this up.
Thanks!
Main office and each branch location runs MS ISA firewall server. Create site to site VPN connections between the each branch to the main. This can be done using L2TP connections for better security than PPTP.
This setup can run somewhere near 2,500 per site with software licensing and low end severs to do the grunt work. That is with no consulting to set it up. Not selling here, the documents to set it up are readily available, it just depends on the comfort level of the person doing the installs.
The bottom line is,,,,how important is his data? Is it revenue tied (wiht POS,,,,,I'd think so). He needs to realize money will gain him secure communications.
I wish I could tell you of a cheap, easy, yet secure method, but simply can't.