rfwoolf asked:
Recommended VPN Routers for site-to-site

Hi experts

In Office A we have a LAN of about 10 users and have Windows Server 2008.
In Office B we have a LAN of about 6 users without a server.
We also have about 3 or 4 roaming users.

We guess that we should implement a site-to-site VPN solution between Office A and Office B which will allow Office A and Office B to share network resources, but will also allow roaming users to 'Dial In'.

In this landscape of VPN routers, there are about 6 or more companies, and there are a whole range of routers and solutions. There's Netgear, Cisco, SonicWall, Nortel, D-Link, Fortinet, etc. etc.
Can you provide any advice or recommendation to help us decide who to go with? What product to go with? What to look for in a product? etc.
We hear Cisco is the best but it is the most expensive.
We hear Netgear comes highly recommended.

Your help is appreciated
ASKER CERTIFIED SOLUTION
Titan22 (solution text available to members only)
SOLUTION
Pete Long (solution text available to members only)
rfwoolf (ASKER):
PeteLong>
Thanks but we don't really see a need for Wireless (and I personally hate Wireless).
But what I'm not hearing is why you guys recommend Cisco - and why we should pay more for it. I appreciate the recommendations, and I'm printing out Titan22's link to the ASA series, and one supplier is going to quote us on 1x ASA5510-BUN-K9 for the head office and 2x ASA5505-SEC-BUN-K9 for branches. But again, if Netgear comes in much cheaper, why shouldn't I just go with that?

I find VPNs complicated beasts. For me to make an "educated decision" I would have to spend several more days researching. :)
While Cisco is expensive, with technology you get what you pay for and yes Netgear will definitely come in cheaper, but I don't trust Netgear equipment to work well in a business environment.  I won't even buy Netgear products for my home network.  D-Link is another good manufacturer, but I've never used them in a production environment for a business.  Cisco support will also cost some money, but once you get it installed you'll be happy with the purchase you made.

By the way, I am not affiliated with Cisco in any way.
SOLUTION (text available to members only)
SOLUTION (text available to members only)
rfwoolf (ASKER):
Thanks tigermatt...

Here's a ballbreaker with Netgear that I've only just discovered (and am still trying to understand):
...with a model like the FVS336G VPN Router, it supports up to 25 IPsec VPN tunnels - this is apparently used for branch-to-branch or site-to-site connections. So to connect two branches (two routers) you use one of these tunnels. Right? But for remote users to 'dial in' and use one of these tunnels, you have to buy a Netgear VPN Client software license for about $50.
However, this router does come with 10 SSL VPN tunnels which can be used by remote users without a Netgear VPN Client software license.
So with this router, if you have more than 10 remote users, you gotta buy them licenses.
This... is .

I can't understand why we can't have one versatile router that can do all of this WITHOUT client software?
I can't understand why they are separating the protocols like this. Why is IPsec used for branch-to-branch but SSL only used for roaming users?

Now I have to go through all the Netgear router models to try and identify one that isn't full of  ;)

The model I use to link the two sites is the FVS114. Agreed, it does have a limit to the number of remote tunnels supported, but it is ideal for linking two offices. For remote sessions from remote users when away from either office, I offer a PPTP VPN direct into their office's server, which is much better and integrates more nicely with Windows than the Netgear implementation.

I do believe most router models require specialist software to connect to their VPNs, which is why I prefer RRAS in conjunction with NPS on Server 2008.

-Matt
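As an added illustration of the split the two posts above describe (IPsec tunnels for branch-to-branch, a separate mechanism for roaming users), here is an editor-supplied strongSwan `ipsec.conf` that terminates both kinds of connection on one Linux gateway at Office A. It is not from any poster and not a Netgear or Cisco configuration; the public addresses, LAN subnets, address pool, gateway identity, certificate file name and user name are constructed for the example.

```ini
# /etc/ipsec.conf on the Office A gateway (strongSwan; all addresses constructed)
config setup
    uniqueids = yes

conn %default
    keyexchange = ikev2
    ike = aes256-sha256-modp2048!
    esp = aes256-sha256-modp2048!
    dpddelay = 30s

# Site-to-site: Office A LAN <-> Office B LAN, one tunnel, pre-shared key.
# Office B runs the mirror image of this conn with left/right swapped.
conn office-b
    left = 203.0.113.10            # Office A public IP (constructed)
    leftsubnet = 192.168.10.0/24   # Office A LAN (constructed)
    right = 198.51.100.20          # Office B public IP (constructed)
    rightsubnet = 192.168.20.0/24  # Office B LAN (constructed)
    authby = secret
    dpdaction = restart            # tunnel should always be up
    auto = start

# Roaming users: any source address, gateway proves itself with a certificate,
# user proves themself with EAP-MSCHAPv2 credentials, gets an address from a pool
# and can then reach the Office A LAN. No third-party client is needed for
# clients with a built-in IKEv2/EAP client.
conn roadwarrior
    left = 203.0.113.10
    leftsubnet = 192.168.10.0/24
    leftcert = officeA-gateway.pem # hypothetical file under /etc/ipsec.d/certs
    leftid = vpn.example.com       # must match the certificate's subjectAltName
    leftauth = pubkey
    right = %any
    rightsourceip = 10.99.0.0/24   # virtual IP pool for remote users (constructed)
    rightauth = eap-mschapv2
    eap_identity = %identity
    dpdaction = clear              # drop dead clients, do not try to reconnect
    auto = add

# /etc/ipsec.secrets (constructed; one PSK for the site pair, one EAP line per user)
# 203.0.113.10 198.51.100.20 : PSK "replace-with-a-long-random-secret"
# alice : EAP "replace-with-alice-password"
```

The `office-b` conn is the one "IPsec tunnel" the FVS336G counts per branch; the `roadwarrior` conn is the "dial in" side handled by the same daemon, so the per-seat client license the thread discusses does not arise. Windows 7 and later include an IKEv2 client that supports EAP-MSCHAPv2, which is why that method is used here; the practical limit on concurrent remote users is then the gateway's CPU and the size of `rightsourceip`, not a purchased count.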
I recommend the Juniper NetScreen 5GT.

They are EOL so you can get them cheap on eBay ($150 and less for the unlimited-device model).
They have the same ScreenOS (firmware) as the newer SSG devices, so you actually get $800 worth of features.
They are simple to configure but have the ability to support very complex network setups.
The VPN feature set is very flexible and allows several different VPN configs to be used at once for different needs.
FYI - SSL VPN licenses are typically per connection, not per user. So your 10 licenses would cover 10 concurrent connections, not 10 users (you could cover 100 users, but only 10 could connect at a time).

SSL VPN is the latest trend for clientless VPN connections (you connect using a web address). Example: your user browses to https://vpn.yourcompany.com, they enter a username/password and they have remote access.
Hi Guys,

I have been using Cisco for years and yes, they are the best and yes, they are the most expensive, but they do things other vendors just dream about. Also, if you're not used to Cisco it will be a nightmare: yes, there is a GUI, but to be frank it's rubbish, so command line is the way forward, but hard going if you don't know Cisco.

If you don't need all the features (which you don't with a simple IPsec VPN) then I would recommend DrayTek. Get a couple of 2820s, about £120.00 each and a doddle to set up; let me know if you need a hand. Once you have these installed, walk away and forget all about them, they will not let you down.

cheers
OOsorio:

There's already an entry on this but I wanted to provide my two cents. In a prior employment I supported 6 remote retail outlets and 1 remote warehouse. We used Netgear FVS114 VPN firewalls and did not have any issues. The setup is easy to understand and maintain; adding or removing users, etc.
Reasonable price.
Many things have been said already. I have to add my 2x 2c (worth a penny) to this.
I back up the statement "buy what you can manage in reasonable time". Managing a VPN can be hell. But in a site-to-site VPN, you can make assumptions and use fixed settings which make it much easier.
Don't even consider the usual SSL VPN stuff. There (certainly) are solutions for site-to-site, but in most cases they are for clientless mobile user connection from anywhere. If it comes with your choice - ok, use it for your mobile users. Otherwise, don't worry about VPN client licenses - use the free Shrew VPN client. It is versatile, and tutorials are available for many VPN devices.

With cheaper devices, debugging is more difficult (if possible at all) than with "business-class" ones. Of course you need this only if something is not working - but even "when nothing has changed", everything has changed for sure. It is like with a very cheap car - as long as it drives, very good, but if the first repair is on the horizon, throw it away.

This leads me to the recommendation to spend rather more money on the device than on the work. Investing in support contracts and more expensive devices pays!

BTW, I'm keen on Juniper. The WebUI is (almost) as mighty as the CLI, and you can switch between both to your liking. And you can debug all kinds of stuff.
Get yourself a Juniper SA2000 or another SA device, it will work great.
... but SA devices allow ONLY for SSL access, i.e. clients and no site-to-site.
rfwoolf (ASKER):
Update: we have pushed this VPN site-to-site project back a few weeks because another project has taken priority.
I want to award points when I revisit this again, when I will be able to award points in an educated way.
(I will endeavour to do so before then, but can't promise.)
If you object, you can propose a points award result, or you can request attention from the mods and ask them to award the points.

Thanks for all your input
rfwoolf (ASKER):
Same story... need some more time. If you guys get impatient, let me know :p
Not at all, take your time.
rfwoolf (ASKER):
:)
I believe there are many good suggestions here.
That was not my intention.