[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Need help understanding VPN Solutions

First, I'm new to VPN so if my concepts are wrong.  Please help me understand what's going on here.

We need an environment to build distributed client-server software among 10 subcontractors.

We recently decided we needed a project VPN for 10 remote sites. (each in seperate corporations)  Our corporate IT department put together a proposal to use 10 Connectivity "VPN in a box" and a "Conitivity 600" as a central server.  
The Conitivity 600 would sit on our corporate DMZ.  Total price including Labor, Licencing, and SLAs is approx: $24K.
Long story short, my boss throws a fit.  He's unwilling to spend $24K.  I'm supposed to find a less expensive solution?

What's available?  What's best for our situation?  What will allow our developers adequate flexibility?
1.  OpenVPN?  a.  How would it work through corporate firewalls?  b.  What else besides all opening Ports 1140 on UDP and we installed OPenVPN on  a server?
2.  Citrix?
3.  I recall at one time Genuity had a product called "Managed VPN" where we all install client software and they handle the rest.  Do products like this still exists?  Worth it?  Who provides?
1 Solution
$24K is a bargain since it included labor to roll it out.

Want cheap, you get what you pay for.
1. There are many open VPN Linux 'free' solutions, but you'd better have a pack of linux gurus to help you roll it out
2. Citrix will cost you *way* more than $24k
3. Most of the major Telcos (AT&T, MCI, Sprint) have a manged vpn solution bundle, but it's not cheap.

Want really cheap and simple to set up?
Linksys RV042 VPN router at each location with a DSL connection
Linksys RV016 at Corp HQ, unless you have a T1 instead of DSL
2 minutes with a web page setup and you can pre-configure the remote sets and ship them out for self install.
Alternative at HQ is Cisco PIX FW as the VPN hub. Drawback to either solution = no site-site communication.

Alternative: Cisco 837 router at each remote site, and a 2600 series at Corp using Multipoint GRE with encrypted sessions. Very cost-effective, but you need someone who really knows their Cisco stuff to get it up and running.

Again, $24k breaks down to about $2k per site. $500 minimum onsite service charge, $1000 for hardware and the rest for Project Management, licensing and other stuff. Not too bad, but with the Linksys solution:
Linksys RV042 = $175 /each
30 minutes of your time to unpack, configure, save, test, pack back up and ship = $100
Extra shipping charge = $20
15 minutes for remote secretary to plug in, another 15 minutes to verify that everything is working - $40
Linksys RV016 for HQ = $425
Your time at HQ = 'priceless' (couldn't resist) - $50/site

$335/site * 10 sites = $3350 + $925 for HQ = $4275
About 1/5 the price..
Zero SLA, Zero license fees, zero monitoring, little support...

This site might help you find service providers for your area

Good primer on VPN's

Linksys "how-to"
lrmoore, really has break down to $...I think it is very good advise .(to save bucks)
But sometime save $ today cost you $$ later. (Poor Performance - Time is money)

Does your HQ own any Server?
How many users are to be connect to HQ via VPN?
Does your application support VPN?
Citrix is very nice tool, but RDP is also nice and lot cheaper,(But require Server 2000 or 2003 w/Licenses)

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

If you are opening your network up to other companies, you really need reliable security.  I think that an all-Linksys (or all-Netgear, etc) solution would be dangerous.  If your boss is really budget concious, consider a Cisco at your place and low-end VPN routers (Linksys, Netgear) at the remote sites.

I am in a similar situation, managing a VPN with about 12 sites.  For the most part, there is one central office and 11 remote sites (smaller offices, homes, etc.)  I started out with all Netgear FVS318s.  For a street price of about $125, they couldn't be beat.  

Eventually, I became unhappy with the throughput and switched the central office to an FVL328 (about $300-something).  It turned out to be flaky and finally failed.  It has now been replaced with a Cisco 831 which cost somewhere bewteen $500 and $1000.  

I can't say enough good things about the Cisco support.  You do get what you pay for.  When I look at the amount of lost productivity that my customer suffered due to intermittent problems with the Netgear, the Cisco seems very reasonably priced.  With Cisco's help, I have been able to leave the Netgear FVS318's at the remote sites and I have full, reliable connectivity with the added security features of the Cisco.  Warning: it takes some time to learn Cisco's IOS in order to manage the Cisco router yourself, but I think it is worth it.

I have asked Cisco for permission to post the Netgear-to-Cisco VPN configurations that we developed and they have said okay.  Post again if you are interested in details.
tmonteitAuthor Commented:
aleinbach,  would like to see the configurations if you can share....
Sorry for the delay.  I have posted a quickie overview at:


I hope to redo this when I have a free moment and make it a little clearer and more explanatory.  In the meantime, if you have any questions, please feel free to contact me at alain@jefdevco.com.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now