Solved

Site to Site VPN solutions for two small offices

Posted on 2010-09-14
Last Modified: 2012-05-10
I am trying to create a site to site VPN between two offices.

Site 1 HQ 30 users (has AD, mail, file servers) 10 Mbps Business Ethernet up and down
Site 2 remote office 10 users - Comcast Business class with static IP 10+ Mbps up and 4+ Mbps down.

They are already in two different private subnets. Currently users from the remote office log in via MS RAS VPN, which is not too reliable.

I want to create a site to site VPN so the two offices are always connected via the VPN, but also allow some home users to continue to be able to log in to MS RAS as now.

Thanks in advance for any recommendations. Two Sonicwall devices? Two Cisco devices? What is the best way to max throughput between the two locations?



0
Question by:EEAPI
 
LVL 95

Expert Comment

by:John Hurst
ID: 33678269
Linksys Cisco RV0xx series routers may be good VPN routers and the small ones (RV042) are quite inexpensive. I access them via IPSec but I think you can set them up for PPTP as well. ... Thinkpads_User
0
 
LVL 11

Assisted Solution

by:crouthamela
crouthamela earned 100 total points
ID: 33678366
This is a pretty normal, basic setup. You could use SonicWALL, Cisco, etc.; any of them will do what you want. The SonicWALL TZ100 would work for you at each site, or the Cisco ASA 5505 (or RV0xx series as thinkpads mentioned).

As for throughput over the VPN, make sure the tunnel is using AES-(128,256)/SHA1. It's a much faster algorithm than 3DES and you won't have to sacrifice security.
0
 
LVL 11

Assisted Solution

by:DIPRAJ
DIPRAJ earned 100 total points
ID: 33681515
There are some steps you need to understand first:

1. Any UTM/firewall will solve the same problem because they have their VPN server inbuilt, but you need to understand how many concurrent sessions/users they will support. So while purchasing any UTM or firewall, be specific about users.
2. You can add any VPN box for the same connectivity.
3. You need to understand what applications you are going to use on the VPN. My suggestion is to go for IPSEC VPN, because that will support voice, data and video. In SSL VPN you may face some problems.
4. If you are going to use any ERP, then how will it work: on RDP/RDC or through a software client?

Any basic firewall device or VPN box will solve your problem.
0

 

Author Comment

by:EEAPI
ID: 33684187
Thanks for the replies so far, here is more info regarding the setup:

We need to support about 10 remote users to access the VPN. They just need to use typical office apps, like Exchange/Outlook, and access files on the file server. Currently, they use the MS VPN client on XP or Windows 7 to access the RAS VPN on Windows server.

How reliable are the Sonicwall ones compared to the Cisco ones? Are there any throughput advantages with the Cisco device? Thanks!
0
 
LVL 1

Expert Comment

by:hairyyak
ID: 33688992
Hi there, I work for a Sonicwall reseller in the UK so my answer won't be completely unbiased! :)

We run managed services for around 1100 customers in the UK running a mixture of Cisco and Sonicwall solutions most of which are a mirror for what you are trying to achieve.

The main considerations are going to be budget and functionality.

But looking at functionality, one point you highlight is throughput, and it's important to check out whether you want to use inbuilt UTM (unified threat management), which is offered on all the Sonicwall devices and a number of the Cisco ones. If you use it, compare the speeds of throughput; in our experience the Sonicwall often does a better job.

The next thing is connectivity. A TZ210 offers 3G fallback, so if the main connection goes down you can use a 3G dongle (get one that's compatible, not just any one will work, e.g. a Huawei E160). It will be slow but you can still do stuff whilst the line is fixed.

Obviously integrated WiFi access is handy, but more important is that it gives you a single point to control security at that site, so that may be important.

Again on the Sonicwall (and I assume the Cisco) they offer an SSL VPN now with a 25 user license, which means you can allow people to connect into a reasonable standard SSL VPN when away from the office, with some reasonable functionality in terms of configuring the user interface.

Also, if you do need remote users then the Virtual Assist option on the Sonicwall gives you an equivalent to Citrix Assist or Reachout built into the VPN, so that if the user is having trouble installing the software on their home machine, for example, you can do a remote session with them and get it sorted more quickly.

We have customers that will run multiple branches with 5-10 users per branch back into a TZ200, so performance wise it will work for you I'm sure; it's just checking out the other functionality and making sure the 'brand' of the product isn't more important than what it does! :)

This link is a comparison of the TZ products if you need to take a look http://www.sonicwall.com/us/products/13281.html.

Let me know if you'd like to know anything more.
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33690179
Dear,
don't be biased... you can go for any UTM,
but the solution should be OK.
0
 

Author Comment

by:EEAPI
ID: 33697554
Will the Sonicwall/Cisco device support Intel Macs on 10.5.x and up? So if I go with the Sonicwall, and use it for site-to-site VPN and VPN for home users, this will work? How does the Sonicwall get VPN access permission from Active Directory? Compared to the VPN on MS server, should I expect better throughput?
0
 
LVL 1

Accepted Solution

by:hairyyak
hairyyak earned 300 total points
ID: 33698571
Hi there, so I did a bit of checking around...

First off, on the performance issue there's a comparison here of throughput vs. Cisco and Juniper, but not anything against Microsoft, I'm afraid. The link is http://www.sonicwall.com/us/products/TZ_Series.html.

Secondly, on the SSL VPN side of things, you would need the TZ210 and it uses a technology called NetExtender. This has clients for Apple, Linux and Windows; check out this link here: http://www.sonicwall.com/us/products/676.html

Third, when you set up a Sonicwall you have the option to specify authentication providers or you can set up local users on the Sonicwall. If you point it at your AD you can specify users from there. You'll simply need to provide credentials for the Sonicwall to access the AD; I'd set up a separate account to do this to keep things tidy.

Finally, just an observation: I'm a big Microsoft fan, but unless you were going for Microsoft ForeFront UAG (the full-blown SSL VPN product which used to be called IAG and came from a company they bought called Whale) then you will get better performance out of a dedicated appliance than using an extra service on your existing server. In addition, using a separate firewall appliance (e.g. the Sonicwall) would mean that server doesn't have to be exposed to the internet, which increases security and allows all of its resources to be focused on doing its primary tasks of serving the internal network.

Let me know how you get on.

0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33699951
If you have Mac clients you can use a FREE app called IPSecuritas by Lobotomo. It allows you to connect your Macs to both Sonicwall and Cisco devices for VPN.

The Sonicwall can be configured for AD RADIUS authentication.
0
