

Site to Site VPN solutions for two small offices

Posted on 2010-09-14
Medium Priority
Last Modified: 2012-05-10
I am trying to create a site to site VPN between two offices.

Site 1 HQ 30 users (has AD, mail, file servers) 10Mbps Business Ethernet up and down
Site 2 remote office 10 users - Comcast Business class with static IP 10+Mbps up and 4+Mbps down.

They are already in two different private subnets. Currently users from the remote office log in via MS RAS VPN, which is not too reliable.

I want to create a site to site VPN so the two offices are always connected via the VPN, but also allow some home users to continue to be able to log in to MS RAS as now.

Thanks in advance for any recommendations. Two Sonicwall devices? Two Cisco devices? What is the best way to max throughput between the two locations?

Question by:EEAPI
LVL 101

Expert Comment

by:John Hurst
ID: 33678269
Linksys Cisco RV0xx series routers make good VPN routers and the small ones (RV042) are quite inexpensive. I access them via IPsec but I think you can set them up for PPTP as well. ... Thinkpads_User
LVL 11

Assisted Solution

crouthamela earned 400 total points
ID: 33678366
This is a pretty normal, basic setup. You could use SonicWALL, Cisco, etc. any of them will do what you want. The SonicWALL TZ100 would work for you at each site, or the Cisco ASA 5505 (or RV0xx series as thinkpads mentioned).

As for throughput over the VPN, make sure the tunnel is using AES-(128,256)/SHA1. It's a much faster algorithm than 3DES and you won't have to sacrifice security.
LVL 11

Assisted Solution

DIPRAJ earned 400 total points
ID: 33681515
There are some steps you need to understand first

1. Any UTM/firewall will solve the same problem because they have their VPN server built in, but you need to understand how many concurrent sessions/users they will support, so while purchasing any UTM or firewall be specific about users.
2. You can add any VPN box for the same connectivity.
3. You need to understand what applications you are going to use on the VPN. My suggestion is to go for IPsec VPN, because that will support voice, data and video. In SSL VPN you may face some problems.
4. If you are going to use any ERP, then how will it work: on RDP/RDC or through a software client?

Any basic firewall device or VPN box will solve your problem.

Author Comment

ID: 33684187
Thanks for the replies so far, here is more info regarding the setup:

We need to support about 10 remote users to access the VPN. They just need to use typical office apps, like Exchange/Outlook, and access files on the file server. Currently, they use the MS VPN client on XP or Windows 7 to access the RAS VPN on Windows server.

How reliable are the Sonicwall ones compared to the Cisco ones? Are there any throughput advantages with the Cisco device? Thanks!

Expert Comment

ID: 33688992
Hi there, I work for a Sonicwall reseller in the UK so my answer won't be completely unbiased! :)

We run managed services for around 1100 customers in the UK running a mixture of Cisco and Sonicwall solutions most of which are a mirror for what you are trying to achieve.

The main considerations are going to be budget and functionality.

But looking at functionality, one point you highlight is throughput, and it's important to check out whether you want to use the inbuilt UTM (unified threat management), which is offered on all the Sonicwall devices and a number of the Cisco ones. If you use it, compare the speeds of throughput; in our experience the Sonicwall often does a better job.

The next thing is connectivity. A TZ210 offers 3G fallback, so if the main connection goes down you can use a 3G dongle (get one that's compatible, not just any one will work, e.g. a Huawei E160). It will be slow but you can still do stuff whilst the line is fixed.

Obviously integrated WiFi access is handy, but more important is that it gives you a single point to control security at that site, so that may be important.

Again on the Sonicwall (and I assume the Cisco) they offer an SSL VPN now with a 25-user license, which means you can allow people to connect into a reasonable standard SSL VPN when away from the office, with some reasonable functionality in terms of configuring the user interface.

Also, if you do need remote users then the Virtual Assist option on the Sonicwall gives you an equivalent to Citrix Assist or Reachout built into the VPN, so that if the user is having trouble installing the software on their home machine, for example, you can do a remote session with them and get it sorted more quickly.

We have customers that will run multiple branches with 5-10 users per branch back into a TZ200, so performance-wise it will work for you I'm sure; it's just checking out the other functionality and making sure the 'brand' of the product isn't more important than what it does! :)

This link is a comparison of the TZ products if you need to take a look http://www.sonicwall.com/us/products/13281.html.

Let me know if you'd like to know anything more.
LVL 11

Expert Comment

ID: 33690179
Dear,
don't be biased... you can go for any UTM...
but the solution should be OK.

Author Comment

ID: 33697554
Will the Sonicwall/Cisco device support Intel Macs on 10.5.x and up? So if I go with the Sonicwall, and use it for site-to-site VPN and VPN for home users, this will work? How does the Sonicwall get VPN access permission from Active Directory? Compared to the VPN on MS server, should I expect better throughput?

Accepted Solution

hairyyak earned 1200 total points
ID: 33698571
Hi there, so I did a bit of checking around...

First off, on the performance issue there's a comparison here of throughput vs. Cisco and Juniper, but not anything against Microsoft I'm afraid; the link is http://www.sonicwall.com/us/products/TZ_Series.html.

Secondly, on the SSL VPN side of things, you would need the TZ210 and it uses a technology called NetExtender. This has clients for Apple, Linux and Windows; check out this link here http://www.sonicwall.com/us/products/676.html

Third, when you set up a Sonicwall you have the option to specify authentication providers or you can set up local users on the Sonicwall. If you point it at your AD you can specify users from there. You'll simply need to provide credentials for the Sonicwall to access the AD; I'd set up a separate account to do this to keep things tidy.

Finally, just an observation: I'm a big Microsoft fan, but unless you were going for Microsoft ForeFront UAG (the full-blown SSL VPN product which used to be called IAG and came from a company they bought called Whale) then you will get better performance out of a dedicated appliance than using an extra service on your existing server; in addition, using a separate firewall appliance (e.g. the Sonicwall) would mean that server doesn't have to be exposed to the internet, which increases security and allows all of its resources to be focused on doing its primary tasks of serving the internal network.

Let me know how you get on.

LVL 32

Expert Comment

ID: 33699951
If you have Mac clients you can use a FREE app called IPSecuritas by Lobotomo. It allows you to connect your Macs to both Sonicwall and Cisco devices for VPN.

The Sonicwall can be configured for AD RADIUS authentication.

Question has a verified solution.
