Solved

Remote ethernet devices

Posted on 2012-03-14
Last Modified: 2014-11-12
Anyone familiar with the use of "remote ethernet devices" that can securely connect branch offices over the public cloud?  There is a product from Sophos Network Security called Astaro Remote Ethernet Devices that are plug and play boxes that you power up at your remote offices and automatically connect up to your private WAN to all other branches with the same box.  Almost like subscribing to MPLS or private VPN service.
My business partners are all wanting to move their business to the public cloud (Amazon, Terremark, etc.). Anyone with experience using these products and/or similar products?
For the Remote Ethernet Devices, I would be most interested in a VM version so that it can be launched in the cloud.
Question by:mrkent
13 Comments
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 37721756
The Astaro/Sophos RED simply creates a layer 2 VPN tunnel to another location.
But it is not available as a virtual appliance.
But you can use the virtual UTM appliance (firewall) to build a VPN to Amazon.
That's supported...
"This feature has been released in Version 8.300 of ASG and is now available! You may locate ASG Amazon Machine Images by searching “ASG” from the community tab of the AMI marketplace in Amazon Web Services"
 

Author Comment

by:mrkent
ID: 37722994
"to build a VPN to amazon"   What do you mean?  VPN from where to where?  And what device to what device?
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 37723783
You can use ASTARO/SOPHOS VPX to build an S2S VPN from your office to your virtual computing environment at the Amazon cloud.

http://aws.amazon.com/en/ec2/#functionality

ASL can build IPSec VPNs to nearly any other device.

Author Comment

by:mrkent
ID: 37724535
In your initial post, when you said the RED creates a layer 2 VPN to another location:  1. Since it connects through the internet, how does it get through since it must have layer 3?  IPSEC? 2. Does the other location have to be another Astaro RED?

ASL? Is that another abbreviation or typo?
Being able to build IPSEC VPN to nearly any other device, I'm trying to determine why it would be better than any other VPN termination product like the Cisco 871 for example.

With IPSEC is the key exchange via pre-shared keying?

Thanks for the info
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 38245218
Update:
The devices - Sophos UTM at one side (or AstaroSecureLinux == ASL / AstaroSecureGateway == ASG / ... that's all the same) and Astaro RED at the other side - create a VPN using Layer 3. But within the tunnel they transmit Layer 2 data.

With SophosUTM at both sides you can transmit L2 or L3 data through the tunnel.

The VPNs are not better than using a Cisco router/ASA or other device, but the management is much simpler.

With SophosUTM (ASL/ASG) you can use PSK and certificates.

The new versions are very nice. Take a look.
 

Author Comment

by:mrkent
ID: 38246068
So it looks like SophosUTM to SophosUTM is the best option for me because I am most interested in transmitting L3 data thru the tunnel.

Thanks for the update.
 
LVL 23

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 38247279
VPN SophosUTM to SophosUTM is a simple-to-manage solution.
You can try it for free.
Take 2 PCs with >=2 NICs and 1-2 GB RAM and install the free software.
You need the network-security subscription (or a 30-day demo license).
I can create the demo-lic for you.
If you are happy with the solution, you can buy the network-security subscription and also 1-2 appliances.
All configurations made while testing are reusable.
 

Author Comment

by:mrkent
ID: 38247405
Thanks for the offer to get the demo-lic
I had already recently purchased three hardware RED appliances and an ASG Virtual hub (Essential Firewall/Net security/Web security product) for 10 users.  I had the virtual hub installed in Amazon, an AWS instance.  And I mapped the hardware appliances to each other via that hub.  Giving a hub and spoke topology.
But I really like the idea of connecting two virtual hubs together and passing tunneled L3 traffic between them.
Do you think I need to purchase another virtual ASG virtual hub for this, or can I get a demo license and try it out - in other words, get another demo virtual hub in the Amazon (or another cloud provider, I'm married to Amazon) cloud?
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 38247587
Sorry,
I am not aware of other cloud providers using (virtual) ASG.
Also, I don't know anything about AWS pricing.
If you can create another virtual ASG virtual hub and are only missing the license, you can use a demo key.
 

Author Comment

by:mrkent
ID: 38247622
That's all I need to know.  If I can create another "test" hub on my own AWS with a demo key for the second ASG virtual hub, then I'm all set and can try it out.
Thanks!
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 38580440
Solved?

Question has a verified solution.
