Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


VPN setup suggestion on mission critical app

Posted on 2004-10-20
Medium Priority
Last Modified: 2010-04-10
I have 3 remote retail locations connecting POS registers and PC's to a corporate office over dedicated lines (Fract T1's).  The stores have recently had DSL installed to allow for Inet access.

The Fractional T1's are killing the owner in monthly costs and he would like to explore alternatives.

My question is this:

Do I dare try to establish VPN connections from each retail location to corporate since this is a mission critical app?

If so, what type of hardware would you recommend.  Keep in mind that the owner is a little tight fisted ;-)

Additionally, each location has Micom Marathon 2K plus multiplexers and Frontrunner MR-2's.  Any suggestions as to how to migrate from the dedicated setup to the VPN?

Gave this 500 points because I need to have feedback ASAP.

Question by:blueoakmo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 12359369
The tight fisted part is not going to make this possible. POS.....PC.....Internet.....no money....all this spells disasterous security issues. If money was  more freely available to you there is only one solution that I reccomend and have setup for over 8 separate site to site vpn solutions on DSL connections.

Main office and each branch location runs MS ISA firewall server. Create site to site VPN connections between the each branch to the main. This can be done using L2TP connections for better security than PPTP.

This setup can run somewhere near 2,500 per site with software licensing and low end severs to do the grunt work. That is with no consulting to set it up. Not selling here, the documents to set it up are readily available, it just depends on the comfort level of the person doing the installs.

The bottom line is,,,,how important is his data? Is it revenue tied (wiht POS,,,,,I'd think so). He needs to realize money will gain him secure communications.

I wish I could tell you of a cheap, easy, yet secure method, but simply can't.


Expert Comment

ID: 12359637
One thing I have seen here, is ISPs offerring to setup a private network for you.
I think the idea is the ISP links all your sites together as required, using DSL access, and keeps all this seperate from the internet. Then they add one more point at their datacenter where you can all get out to the internet, but they take care of not letting the internet onto your private network.
The outcome seems to be that you have a private connection and a public connection but only need to pay for one physical connection at each site.
LVL 79

Expert Comment

ID: 12360319
I could suggest a Cisco solution that uses low-end 800 series DSL routers at the stores, and a 2600 series with T1 Internet access at the HQ. Using IPSEC over multipoint GRE makes it a snap, and allow QoS over the links. No more T1 costs at  the stores.


Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

LVL 79

Expert Comment

ID: 12403473
Any progress? Are you still working on this? Do you need more information?

Author Comment

ID: 12404505
Actually, still waiting on MCI and Birch Telecom for config info this morning when the POS software provider indicated that the current system will not work over VPN.... he COULD sell me a newer solution that works over VPN, of course.

Thanks for the suggestion.

My main question was to see if anyone had any mission critical apps running over VPN, and if so, what equip they used.
LVL 79

Accepted Solution

lrmoore earned 1500 total points
ID: 12404593
I've setup several mission-critical systems that operate over a VPN using a wide variety of Cisco products. It all depends on the application that runs over it. Some applications depend on broadcasts which don't go across VPN tunnels. Some applications use Multicasting which does not do well over VPN's. Etc, etc, etc...
However, the very definition of "mission-critical" means that it does not depend on the Internet as the carrier. The Internet at large is the very big unknown and uncontrollable potential black hole..


Author Comment

ID: 12698982
Thanks lrmoore.  A little disappointed there wasn't more feedback, but thought I should clean this up.
LVL 79

Expert Comment

ID: 12699190

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question