Solved

Hardware needed to do VPN on demand for Iphone IOS 4.1

Posted on 2010-09-09
6
1,523 Views
Last Modified: 2012-05-10
I would like suggestions on hardware needed to deploy Iphone ios 4 using VPN on Demand (as far as I understood CISCO Vpn) to Windows SBS 2008 network.

There will be, in worst case scenario, 20 consecutive users with Iphone's connected externaly to the network, but they will be very sensitive to overall link quallity, because they will do VOIP through it, and Exchange connections.

Only to begin with I saw the Cisco ASA 5505 Base or Security Plus.

My main goal is to do a stable and full featured VPN on Demand for Iphone users, with no administration at all, with the lowest cost possible.

PS.: We have a Draytek MultiWan V3300 router between our internal network and the internet, so they will have play nicely!
0
Comment
Question by:munirb14
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 37

Expert Comment

by:ArneLovius
ID: 33644809
Cisco ASA will do this, the model will depend on how many concurremt VPN sesions you need and the VPN bandwidth required.

You could either run it it parralel with your Draytek, or replace the Draytek with the ASA

There will be administration is setting up the ASA, but if you have Active Directory running in your network, you can use RADIUS to authenticate, and this could be managed as group membership, reducing day to day administration to a minimum.
0
 

Author Comment

by:munirb14
ID: 33652044
Is there a chance to integrate an ASA router to active directory, or any other router ?
0
 
LVL 37

Expert Comment

by:ArneLovius
ID: 33652472
As ASA Firewall cannot "join" an AD domain, however it can use RADIUS on Windows, either IAS on Windows 2003, or NPS on Windows 2008, for authentication, and it is capable of LDAP authentication.

IAS and NPS are both included with the respective versions of Windows Server
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:munirb14
ID: 33654236
Do you think that using a VPN/IPSec passthrough router, like the peplink, would work out? My idea is doing IPSec authentication directly on server, in this case, I could use my actual router.

Thanks!
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 125 total points
ID: 33654278
If you want the VPN to work with iPhone, then I'd suggest sticking with Cisco VPN termination...

All of the "load balancers" likethe draytek/peplink etc are really only good for outbound traffic, where your internal clients don't "mind" which link their web browsing session our outbound SMTP goes over, inbound is completely different, each of your inexpensive links has a different IP address, the external VPN client (iPhone) cannot load balance across them.

To do multiple links for inbound, you would need to be load balancing or bonding on the ISP end of your connections (some ISP's offer this service), or using BGP to run your own AS with multiple ISP connections (not usually feasible on inexpensive conections)

You could do a manual load balance of splitting your users into groups that are configured to only use a specific endpoint, and those endpoints could all terminate on a single device, but you might be better off working out what your traffic load will be, and dedicating an ISP connection of sufficient bandwidth to it, this would also prevent your outbound traffic from affecting their traffic.
0
 

Author Closing Comment

by:munirb14
ID: 33654309
Thanks a lot, sometimes it is easier to do the right thing from the beginning!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HP 2530 switch and routing 4 100
port forwarding 2 71
Change "enable" password on Cisco Router 7 57
VPN Exposure 19 45
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question