Link to home
Create AccountLog in
Avatar of ido90

asked on

VPN protocal

I am looking at setting up a VPN, speed it a big factor. I am looking at SSL VPN or Open VPN (not supported by many routers). Putting security aside which do you recommend? For instance, the Barracuda X200 has SSL VPN only most of the Cisco routers do not support OpenVPN also.
I'm open to other protocols also please let me know what you think is the best VPN for EU to US connections.
Avatar of Member_2_2473503
Flag of Philippines image

is this for site to site VPN, client access VPN, or both?

If site to site VPN you need an appliance that can handle the amount of traffic that will pass between sites
If client access you need one that will handle the most concurrent user sessions you can imagine

You can install OpenWRT on a variety of SOHO routers but if you are doing site to site and have more than 10 people per location I would avoid this

For larger implementations you should look at the firewalls offered by; Meraki, SonicWALL, FortiNet, Cisco, NetGear, etc

My choice would be Meraki but you want to have the same device type at each end.

Remember though no matter what brand you go with you will likely need to license multiple remote access clients to get everything working.

If you give me an idea of size, traffic expectations, and connection types I can advise specific models.
Avatar of J Spoor
meraki doesn't offer any really security... so if you are looking for a firewall with VPN capability, with the ever emerging threats and malware out there, look into a UTM or NGFW that can do all.

For client access, I suggest SSL-VPN, with IPsec you sometimes run into the limitations that for example in hotels they won't support IPsec. SSL-VPN has however a larger overhead.

For site-to-site indeed look into a IPsec VPN capable unit.

Specially in a link with high latency, US-EMEA you should also look in WAN acceleration, as laency is a big impact in throughput speeds.

the SonicWALL offers all of the above

View example configurations and the SonicWALL webui and features on or

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on or

You can also view the Next-Generation Firewalls via or
Avatar of ido90


I am trying to setup a Client->site VPN. Most of the time there will be four users at most, and those need to have low latency speeds.

Also with OpenVPN, there is usually the option of split VPN so you don't loose the local connectivity. Is that available in any other protocol that is good?

I tried with an old Cisco Router (RV220W) PPTP connection. Europe to US client (100/2) site (10/10) what I get is (1/1) ping 230ms.

Do you think there is a router or another protocol that would improve that?
It's the latency that kills you.
Both with IPsec Client to Site and SSL-VPN you can do split tunneling.

if speed is the main concern, you need WAN optimization.
Avatar of ido90


who in your opinion has a good WAN optimization feature? for client-site
Avatar of SIM50
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SonicWALL, firewall as SSL-VPN and a WXA on top (managed from the firewall)

I would like to know why you think Meraki does not provide any real security.
Coz I just did a full analysis of it.

It has huge limitations on the AV engine and only inspects HTTP, can't do SSL inspection, nor does it inspect anything else then HTTP traffic.

IPS seems ok as it's snort based.

App control is very limited.

It's practically a home router functionality wise with 0 enterprise features, even missing proper networking features.
Thanks JSpoor,

My team recently decided to switch to Meraki for our field sites but I was not involved in the selection so did not really look much into them.

Have you looked at them since Cisco bought the company?  I know they have made some improvements.
This review was done just a few weeks ago.

The only recent addition is AMP sandboxing, but again only for HTTP downloads.

For any other competitive data feel free to PM me.
Reviewed PAN, Fortinet, Check Point, Meraki, WatchGuard and Sophos (Sophos and Cyberoam)
In the mean feel free to view the SonicWALL features and UI here or

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on or

You can also view the Next-Generation Firewalls via or
Avatar of ido90


I'm still with a big ??? on the VPN situation. For now, I installed a CISCO RV325. I tried various protocols, seems PPTP is the only one that actually gives be some speed on this router. The Linksys LRT224 I has before actually did give good speed with OpenVPN UDP but it was no reliable. I read on WAN acceleration and from what I can see it will not help me. I need real-time speed, it's not about the files, I need to read and write directly to PLC units onsite.  It seems what I need is UDP type of protocol, One option, is the CISCO ASA5506-K9 with DTLS as suggested and the other option seems to be setting up an OpenVPN server on one PC machine on site. I could not find any good OpenVPN routers for commercial use, Any suggestions on which direction I should go?
don't think the CISCO RV325 has hardware crypto for IPsec, hence the low perfromance

I personally have a Site-to-site IPSec from Netherlands to California using SonicWALLs on both ends, and have good transfer. Even without WAN acceleration.

If it's speed and security you need, don't look at rotuers that are not designed for IPsec :)
Avatar of ido90


I just talked to SonicWall they suggested the TZ400 but they said they are "only the manufacturer" and they don't know about IPsec and all that... they also do not have technical people... does the TZ400 have the capabilities you are talking about?
TZ400 is a full IPsec Concentrator :) I use a TZ600 myself at home
c'rection, TZ500, still have to unbox the TZ600 :)
all the TZs and NSAs are available to review on