hypercube asked:
What simple router will route internet traffic through Point-to-Point VPN?

See the attached figures.

I have a current configuration that links sites with Point-to-Point (P2P) or MPLS kind of "private" links.
The implementation also provides internet access through the main site for all sites.
(We happen to be using RV042 routers for interfacing with the P2P links).

Now we want to implement VPN tunnels over the links for added security.
(I'm rather sure the RV042s won't support doing this .. for reasons I could get into but need not here and now)

So, the question is:
What simple interfacing routers can I use on the links that will implement the VPN tunnels AND support the intended internet access?
This would end up looking like a NON-split VPN to the linked sites .. i.e. with internet access over the VPN / P2P link.
Point-to-Point-Simplified.pdf
Planned-Point-to-Point-with-Internet.pdf
SOLUTION by Ben Personick (Previously QCubed): solution text only available to Experts Exchange members.
hypercube (ASKER):

Quoting the solution above: "Then just make sure your "10.0.200.1" router has its all-0s route (AKA 0.0.0.0/0 AKA Default Gateway) set to the firewall."
Well, that's at the center of the question. It seems that some routers think that the "VPN side" is also the "internet side" and the route to 0.0.0.0 is set accordingly. I believe that's what the RV042s do. In fact, I still believe that the RV042 WAN ports have to be "pointed toward the internet" for this reason. But the VPNs also "point toward the WAN". The combination means it can't work.

In this case, ALL of the VPN ports have to "point to the P2P"...

So, I'd like to know of simple VPN routers that *will work*.
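The routing problem described in the question and in the reply above (a non-split VPN, where remote-site internet traffic must enter the tunnel and leave through the main site's firewall, versus a router that insists its default route faces the P2P/WAN port) can be made concrete with a small longest-prefix-match model. This is an added example, not part of the original thread and not the configuration of any router mentioned in it. All addresses (10.0.200.0/24 for the remote LAN, 10.0.1.0/24 for the main LAN, 172.16.0.0/30 for the P2P link, 198.51.100.10 as an internet destination) and the interface names lan, p2p, vpn0 and firewall are constructed sample values.

```python
# Added example (constructed, not from the thread): models longest-prefix-match
# forwarding on a remote-site router and a main-site router to show why the
# remote default route must point into the tunnel for a non-split VPN.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str  # interface / tunnel the packet leaves on (constructed names)


@dataclass
class Router:
    name: str
    routes: list = field(default_factory=list)

    def add(self, prefix, next_hop):
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Longest-prefix match: the most specific route wins, 0.0.0.0/0 last."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen).next_hop


def build_topology():
    """Two remote-site variants plus the main-site router (sample values)."""
    # Desired non-split design: everything not local goes into the tunnel.
    remote_ok = Router("remote-nonsplit")
    remote_ok.add("10.0.200.0/24", "lan")
    remote_ok.add("172.16.0.0/30", "p2p")   # outer tunnel packets ride the P2P link
    remote_ok.add("10.0.1.0/24", "vpn0")
    remote_ok.add("0.0.0.0/0", "vpn0")

    # Behaviour the asker describes: the router forces its default route out the
    # WAN/P2P port, so internet-bound traffic bypasses the tunnel entirely.
    remote_bad = Router("remote-wan-default")
    remote_bad.add("10.0.200.0/24", "lan")
    remote_bad.add("172.16.0.0/30", "p2p")
    remote_bad.add("10.0.1.0/24", "vpn0")
    remote_bad.add("0.0.0.0/0", "p2p")

    # Main site: remote LAN is reachable via the tunnel, default goes to the firewall.
    main = Router("main")
    main.add("10.0.1.0/24", "lan")
    main.add("10.0.200.0/24", "vpn0")
    main.add("172.16.0.0/30", "p2p")
    main.add("0.0.0.0/0", "firewall")
    return remote_ok, remote_bad, main


def trace(remote, main, dst):
    """Follow a packet from the remote LAN toward dst; return the hops taken."""
    path = []
    hop = remote.lookup(dst)
    path.append((remote.name, hop))
    if hop == "vpn0":  # only tunnelled traffic arrives at the main router
        path.append((main.name, main.lookup(dst)))
    return path


def tunnel_endpoint_ok(router, peer_ip):
    """The tunnel's own outer packets must not be routed back into the tunnel
    (recursive routing); the /30 link route has to win over the default."""
    return router.lookup(peer_ip) == "p2p"


if __name__ == "__main__":
    remote_ok, remote_bad, main = build_topology()
    for r in (remote_ok, remote_bad):
        print(r.name, "->", trace(r, main, "198.51.100.10"),
              "| tunnel endpoint ok:", tunnel_endpoint_ok(r, "172.16.0.2"))
```

With the non-split table the internet-bound packet is tunnelled to the main site and then leaves via the firewall; with the WAN-default table it exits the P2P port in the clear and never reaches the firewall. The explicit /30 route for the P2P link is what keeps the tunnel's outer packets from chasing the default route into the tunnel itself, which is the check worth running on any replacement router before trusting a non-split design.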
SOLUTION: solution text only available to Experts Exchange members.
Very interesting approach. Thanks!
The RV042s have been workhorse devices for small to medium companies.
I became convinced some time ago that the WAN had to point "toward the internet" for internet-enabled point-to-point link management.
That was good to know, as we were able to make things work. But it was inconvenient and a bit strange.
I'll try your suggestion!
And, I'll likely update my article: https://www.experts-exchange.com/articles/6533/Using-Cisco-Linksys-RV042-RV0XX-Routers-in-Router-Mode.html
... comments appreciated.
I tried it but no change in my observations re: the RV042.
i.e. THE RV042 WON'T DO IT.
What other simple VPN router will do what I need?
ASKER CERTIFIED SOLUTION: solution text only available to Experts Exchange members.
kevinhsieh: I'd prefer a GUI as it generally avoids having to learn yet another CLI syntax. I don't think that this application is "complicated" as long as the router doesn't internally make indelible assumptions about which end is "up". I posted this question to avoid having to experiment with a bunch of routers.

I'd prefer "low cost" only from the point of view that I'm thrifty. I see no reason to spend more money than makes sense. But cost isn't the driver here. Since I already have RV042s at the remote sites, a router that would reliably VPN with them AND have the necessary routing capability would be feasible, I suppose. But, to avoid experimenting with mixing models, it seems to make more sense to use the same model at each node/site. So I would be buying multiple routers just for this one purpose.

Tech support for simple routers is generally not needed. And, of course, "tech support" comes in a variety of forms. But here is a counter example:

We already have a Juniper Networks SRX340 which is the main site internet firewall. I know it's a capable router and I can do most things with it, but still, I'm not an expert Juniper user. I can imagine creating a zone and/or port that would support the link/VPN at the main site and doing away with the main site RV042. But this likely involves experiments as well. At least then all of the routing, etc. would be contained within the SRX340.
SOLUTION: solution text only available to Experts Exchange members.
Ben Personick: Yes, that's what I had in mind. A port on the SRX340 would be the P2P link terminator at the main site, in place of the current RV042. The expectation would be that its IPSec VPN would terminate OK on the other RV042s. That has to be somewhat of a risk.
(I must say that I find the GUI on the SRX340 to be less useful than what's on the SRX240 that it replaced).
Unless there is some caveat to the RV042s, I don't see why this would be much of an issue.

We have an SRX240; not a huge fan of their GUI, or the Cisco GUI (ASDM). Fortigate and Checkpoint have the best GUIs I've used, IMHO.

Let us know if there is anything further we can help with here.

Thanks :)
I got a couple of Ubiquiti EdgeRouter-X devices and will be trying it on them soon.
Thanks!
Thanks!