Site to Site VPN solutions for two small offices

I am trying to create a site to site VPN between two offices.

Site 1 HQ 30 users (has AD, mail, file servers) 10Mpbs Business Ethernet up and down
Site 2 remote office 10 users - Comcast Business class with static IP 10+Mpbs up and 4+Mpbs down.

They are already in two different private subnets. Currently users from remote office login via MS RAS VPN, which is not too reliable.

I want to create a site to site VPN so the two office are always connected via the VPN but also allow some home user to continue able to login to MS RAS as now.

Thanks in advance for any recommendations. Two Sonicwall devices? Two cisco devices? What is the best way to max through put between the two locations?

Who is Participating?
Hi there, so I did a bit of checking around...

First off on the performance issue there's a comparioson here of throughput vs. Cisco and Juniper but not anything agains tMicrosoft I'm affraid, the link is

Secondly on the SSL VPN side of things, you would need the TZ210 and it uses a technology called NetExtender. This has clients for Apple, Linux and Windows checkout this link here

Third, when you setup a Sonicwall you have the option to specify authentication providers or you can setup local users on the Sonicwall. If you point it at your AD you can specify users from there. You'll simply need to provide credentials for the Sonicwall to access the AD, I'd setup a seperate account to do this to keep things tidy.

Finally just an observation, I'm a big Microsoft fan, but unless you were going for Microsoft  ForeFront UAG (the full blown SSL VPN product which used to be called  IAG and came from a company they bought called Whale) then you will get  better performance out of a dedicated appliance than using an extra  service on your existing server; in addition using a seperate firewall  appliance (e.g. the Sonicwall) would mean that server doesn't have to be  exposed to the internet which increases security and allows all of its  resources to be focused on doing its primary tasks of serving the  internal network.

Let me know how you get on.

JohnBusiness Consultant (Owner)Commented:
Linksys Cisco RV0xx series routers may good VPN routers and the small ones (RV042) are quite inexpensive. I access them via IPSec but I think you can set them up for PPTP as well. ... Thinkpads_User
This is a pretty normal, basic setup. You could use SonicWALL, Cisco, etc. any of them will do what you want. The SonicWALL TZ100 would work for you at each site, or the Cisco ASA 5505 (or RV0xx series as thinkpads mentioned).

As for throughput over the VPN, make sure the tunnel is using AES-(128,256)/SHA1. It's a much faster algorithm than 3DES and you won't have to sacrifice security.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

There are some steps you need to understand first

1.Any UTM/Firewall will solve the same problem because they have their VPN server inbuilt.
but you need to understand how many concurrent session/user they will support.. so while purchasing any UTM or firewall be specific about user can add any VPN box for the same coonectivity
3. you need to understand what application you are going to use on VPN. my suggestion is go for IPSEC VPN, because that will support both voice,data and video.. in SSL VPN you may face some problem.
4.if you are going to use any ERP... then how they will work...on RDP/RDC or through software client.
 any basic firewall device or VPNBOX will solve your problem
EEAPIAuthor Commented:
Thanks for the replies so far, here are more info regarding the setup:

We need to support about 10 remote users to access the vpn. They just need to use typical office apps, like Exchange/Outlook, access files on the file server. Currently, they use the MS VPN client on XP or Windows 7 to access the RAS VPN on Windows server.

How reliable are the Sonicwall ones compare to the Cisco ones? Is there any through put advantages with the Cisco device? Thanks!
Hi there, I work for a Sonicwall reseller in the UK so my answer won't be completely unbiased ! :)

We run managed services for around 1100 customers in the UK running a mixture of Cisco and Sonicwall solutions most of which are a mirror for what you are trying to achieve.

The main considerations are going to be budget and functionality.

But looking looking at functionality one point you highlight is throughput and its important too check out whether you want to use inbuilt UTM (unified threat managment) which is offered on all the Sonicwall devices and a number of the Cisco ones. If you use it, compare the speeds of throughput, in our expereince the Sonicwall often does a better job.

The next thing is connectivity. A TZ210 offers 3G fallback so if the main connection goes down you can use a 3g dongle (get one that's compatible not anyone will work e.g. a Huwai E160) it will be slow but you can still do stuff whilst the line is fixed.

Obviously integrated WiFi access is handy but more important is that it gives you a single point to control security at that site so that maybe important.

Again on the Sonciwall (and I assume the Cisco) they offer an SSL VPN now with 25 user license, which means you can allow people to connect into a reasonable standard SSL VPN when away from the office with some reasonable functionality in terms of configuring the user interface.

Also if you do need remote users then the Virtual Assist option on the Sonicwall gives you an equivalane to Citrix Assist or Reachout built into the VPN so that if the user is having trouble installing the software on their home machine for example, you can do a remote session with them and get it sorted more quickly.

We have customers that will run multiple branches with 5-10 users per branch back into a TZ200 so performance wise it will work for you I'm sure, its just checking out the other functionality and making sure the 'brand' of the product isn't more important than what it does! :)

This link is a comparison of the TZ products if you need to take a look

Let me know if you'd like to know anything more.
dear ,
don't be can go for any UTM...
but the solution should be ok.
EEAPIAuthor Commented:
Will the Sonicwall/Cisco device support Intel Mac's 10.5.x and up? So if I go with the Sonicwall, and use it for site-to-site VPN and VPN for home users, this will work? How does the Sonicwall get VPN access permission from Active Directory? Compare that to the VPN on MS server, should I expect better through put?
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
If you have Mac clients you can use a FREE app called IPSecuritas by Lobotomo. It allows you to connect you Macs to both Sonicwall and Cisco devices for VPN.

The Sonicwall can be configured for AD RADIUS authentication.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.