Solved

Site to Site VPN solutions for two small offices

Posted on 2010-09-14
Last Modified: 2012-05-10
I am trying to create a site to site VPN between two offices.

Site 1: HQ, 30 users (has AD, mail, file servers), 10Mbps Business Ethernet up and down.
Site 2: remote office, 10 users, Comcast Business class with static IP, 10+Mbps up and 4+Mbps down.

They are already in two different private subnets. Currently users from remote office login via MS RAS VPN, which is not too reliable.

I want to create a site to site VPN so the two offices are always connected via the VPN, but also allow some home users to continue to be able to log in to MS RAS as now.

Thanks in advance for any recommendations. Two Sonicwall devices? Two Cisco devices? What is the best way to maximize throughput between the two locations?



Question by:EEAPI
9 Comments
 
LVL 90

Expert Comment

by:John Hurst
Linksys Cisco RV0xx series routers make good VPN routers and the small ones (RV042) are quite inexpensive. I access them via IPSec but I think you can set them up for PPTP as well. ... Thinkpads_User
 
LVL 11

Assisted Solution

by:crouthamela
crouthamela earned 100 total points
This is a pretty normal, basic setup. You could use SonicWALL, Cisco, etc. any of them will do what you want. The SonicWALL TZ100 would work for you at each site, or the Cisco ASA 5505 (or RV0xx series as thinkpads mentioned).

As for throughput over the VPN, make sure the tunnel is using AES-(128,256)/SHA1. It's a much faster algorithm than 3DES and you won't have to sacrifice security.
 
LVL 11

Assisted Solution

by:diprajbasu
diprajbasu earned 100 total points
There are some steps you need to understand first:

1. Any UTM/firewall will solve the same problem because they have their VPN server built in, but you need to understand how many concurrent sessions/users they will support, so while purchasing any UTM or firewall be specific about users.
2. You can add any VPN box for the same connectivity.
3. You need to understand what application you are going to use on the VPN. My suggestion is go for IPSEC VPN, because that will support voice, data and video; in SSL VPN you may face some problems.
4. If you are going to use any ERP, then how will they work: on RDP/RDC or through a software client?

Any basic firewall device or VPN box will solve your problem.
 

Author Comment

by:EEAPI
Thanks for the replies so far, here is more info regarding the setup:

We need to support about 10 remote users to access the vpn. They just need to use typical office apps, like Exchange/Outlook, access files on the file server. Currently, they use the MS VPN client on XP or Windows 7 to access the RAS VPN on Windows server.

How reliable are the Sonicwall ones compared to the Cisco ones? Is there any throughput advantage with the Cisco device? Thanks!
 
LVL 1

Expert Comment

by:hairyyak
Hi there, I work for a Sonicwall reseller in the UK so my answer won't be completely unbiased! :)

We run managed services for around 1100 customers in the UK running a mixture of Cisco and Sonicwall solutions most of which are a mirror for what you are trying to achieve.

The main considerations are going to be budget and functionality.

But looking at functionality, one point you highlight is throughput, and it's important to check out whether you want to use inbuilt UTM (unified threat management), which is offered on all the Sonicwall devices and a number of the Cisco ones. If you use it, compare the throughput speeds; in our experience the Sonicwall often does a better job.

The next thing is connectivity. A TZ210 offers 3G fallback, so if the main connection goes down you can use a 3G dongle (get one that's compatible, not any one will work, e.g. a Huawei E160). It will be slow but you can still do stuff whilst the line is fixed.

Obviously integrated WiFi access is handy, but more important is that it gives you a single point to control security at that site, so that may be important.

Again, on the Sonicwall (and I assume the Cisco) they offer an SSL VPN now with a 25 user license, which means you can allow people to connect into a reasonable standard SSL VPN when away from the office with some reasonable functionality in terms of configuring the user interface.

Also, if you do need remote users then the Virtual Assist option on the Sonicwall gives you an equivalent to Citrix Assist or Reachout built into the VPN, so that if the user is having trouble installing the software on their home machine, for example, you can do a remote session with them and get it sorted more quickly.

We have customers that will run multiple branches with 5-10 users per branch back into a TZ200, so performance wise it will work for you I'm sure; it's just checking out the other functionality and making sure the 'brand' of the product isn't more important than what it does! :)

This link is a comparison of the TZ products if you need to take a look http://www.sonicwall.com/us/products/13281.html.

Let me know if you'd like to know anything more.
 
LVL 11

Expert Comment

by:diprajbasu
Dear,
don't be biased... you can go for any UTM...
but the solution should be ok.
 

Author Comment

by:EEAPI
Will the Sonicwall/Cisco device support Intel Macs running 10.5.x and up? So if I go with the Sonicwall, and use it for site-to-site VPN and VPN for home users, this will work? How does the Sonicwall get VPN access permission from Active Directory? Compared to the VPN on MS server, should I expect better throughput?
 
LVL 1

Accepted Solution

by:hairyyak
hairyyak earned 300 total points
Hi there, so I did a bit of checking around...

First off, on the performance issue there's a comparison here of throughput vs. Cisco and Juniper, but not anything against Microsoft I'm afraid; the link is http://www.sonicwall.com/us/products/TZ_Series.html.

Secondly, on the SSL VPN side of things, you would need the TZ210 and it uses a technology called NetExtender. This has clients for Apple, Linux and Windows; check out this link here: http://www.sonicwall.com/us/products/676.html

Third, when you set up a Sonicwall you have the option to specify authentication providers, or you can set up local users on the Sonicwall. If you point it at your AD you can specify users from there. You'll simply need to provide credentials for the Sonicwall to access the AD; I'd set up a separate account to do this to keep things tidy.

Finally, just an observation: I'm a big Microsoft fan, but unless you were going for Microsoft ForeFront UAG (the full blown SSL VPN product which used to be called IAG and came from a company they bought called Whale), then you will get better performance out of a dedicated appliance than using an extra service on your existing server. In addition, using a separate firewall appliance (e.g. the Sonicwall) would mean that server doesn't have to be exposed to the internet, which increases security and allows all of its resources to be focused on doing its primary task of serving the internal network.

Let me know how you get on.

 
LVL 32

Expert Comment

by:nappy_d
If you have Mac clients you can use a FREE app called IPSecuritas by Lobotomo. It allows you to connect your Macs to both Sonicwall and Cisco devices for VPN.

The Sonicwall can be configured for AD RADIUS authentication.