Solved

business grade VPN router

Posted on 2014-04-24
6
418 Views
Last Modified: 2014-04-30
I have two locations that I need to set up a VPN for. One in Ontario, CA and another one in Kentucky. The location in Ontario has a FIOS line with static IPs (35/35Mbps).

The one in Kentucky will be 50/25Mbps with static IPs too - fiber line.

What is a good business grade VPN router?

I would like to connect both locations via VPN and have them use local resources from Ontario, CA. I would like to join the Kentucky computer to the domain controller and have the computers managed via Active Directory, endpoint protection, WSUS, group policies, printers, etc.

Any recommendations to do this the RIGHT WAY would be greatly appreciated.

The Ontario location has about 50 computers with in-house Exchange, AD, and a custom-built database application.
0
Comment
Question by:Anthony H.
6 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40021818
I would set up Untangle in a VM on both sides and let that act as your router - it includes OpenVPN, which does a great job with site-to-site links.
0
 
LVL 9

Expert Comment

by:Red-King
ID: 40022092
Cisco ASAs could be used to do a site-to-site VPN if you have budget for new equipment. The benefit of using Cisco is they're so prevalent that there tends to be a lot of people/businesses able to provide consultancy if you need it.
You could always go with other hardware which might be cheaper. I have worked with WatchGuard and FortiGate firewalls, which both could do this. These would be UTM devices providing extra features such as AV, IPS, DLP and more.

Regarding the AD setup, I'd at least have a local DC in the Kentucky location so users can still log into PCs should the VPN drop. You'd set up a new site in AD Sites & Services with its own subnet and place the new DC there.

Rory
0
 

Author Comment

by:Anthony H.
ID: 40022634
Which model?
0
 
LVL 9

Assisted Solution

by:Red-King
Red-King earned 250 total points
ID: 40023026
Well, that's for you to decide. You will need to review the different models available and decide which meets your needs in terms of bandwidth, concurrent connections and whatever other features you decide you might need, not to mention cost.

http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/models-comparison.html
http://www.juniper.net/us/en/products-services/security/srx-series/#products
http://www.fortinet.com/products/fortigate/index.html
http://www.watchguard.com/products/xtm-main.asp
http://www.sonicwall.com/us/en/products/Network-Security-Appliances.html

Many of these are available as virtual appliances as well as physical hardware.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40023812
Including the Untangle product, which you can try first as a free product, test the paid products for two weeks, and default back to the free stuff or buy the paid stuff.

You can also buy an Untangle device.
0
 
LVL 23

Accepted Solution

by:Dirk Kotte
Dirk Kotte earned 250 total points
ID: 40024408
The Sophos UTM is a good solution for VPN too.
With an easy-to-understand web interface and good monitoring.
Available as software, virtual or appliances:
http://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx
0
