
TherapyChick

join:2003-09-19
Fayetteville, NC

VPN hardware question

I'm looking to set up a VPN between a main office (about 30 PCs) and two branch offices (about 6 computers each there).

I've done some looking, so many options out there...

I'd like to keep the hardware costs for the 3 locations below $1000.00 (total) if possible.

Would something like a ZyXEL ZyWALL do the trick, or what other suggestions would you have?
--
Therapy Chicks

bdnhsv

join:2012-01-20
Huntsville, AL
Do you have any old PCs not being used that you could re-purpose to make VPN servers? There are some free Linux distros that can be used for this.

TherapyChick

join:2003-09-19
Fayetteville, NC
said by bdnhsv:

Do you have any old PCs not being used that you could re-purpose to make VPN servers? There are some free Linux distros that can be used for this.

No.

And I'd rather have a VPN hardware appliance anyway.
--
Therapy Chicks


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to TherapyChick
Your budget is not overly generous but workable. For the two branch offices you should probably look at the USG 50, and for the main branch, look at the USG 200. Your costs for this should be around $1100-1200 including shipping. Technical support and firmware upgrades are at no cost. The support is in the US out of ZyXEL in California and it's decent.

Typical questions:
How many VPN tunnels do you envisage at each site? How many folks will be on the road and want to tap into work?

What you have not indicated is the ISP connectivity at all your sites (throughput). I'm assuming you will have at least TWO ISP connections at the main branch for connectivity 24/7, i.e. if service is interrupted by DSL, for example, you have cable backup.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

TherapyChick

join:2003-09-19
Fayetteville, NC
said by Anav:

How many VPN tunnels do you envisage at each site? How many folks will be on the road and want to tap into work?

I guess I'm not sure what that means. At one of the branch offices there are 6 computers. Would that take up 1 VPN tunnel to connect the whole office to the main office, or 6 tunnels?

said by Anav:

What you have not indicated is the ISP connectivity at all your sites (throughput). I'm assuming you will have at least TWO ISP connections at the main branch for connectivity 24/7, i.e. if service is interrupted by DSL, for example, you have cable backup.

Although uptime is important, it's not necessarily "mission critical". We've had DSL for just over 10 years and had maybe 2 times Internet was out for maybe 30 minutes each.
--
Therapy Chicks

bdnhsv

join:2012-01-20
Huntsville, AL
TC - the most common way is to have 1 tunnel from each branch/remote office back to HQ. Road warriors can also establish a tunnel to HQ if they are out on the road (if you have everything set up properly).


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to TherapyChick
There are two basic ways I am aware of: hub and spoke as noted above, where each branch connects to the central branch with a VPN tunnel and through that branch can also access the other branch (one tunnel per branch). The other method would entail connecting separately to each location. In this case two tunnels per location. You can see the attraction of hub and spoke as the number of branches increases. In your case either way will work. Sometimes also the central branch does not want local branches to access the internet locally but only through a firewall or extra security device at the main branch etc.

As noted you don't need dual internet access so that makes life simpler. Most business class devices these days come in a dual or multi flavour for redundancy or for 3G-4G backup if not two full flavoured ISPs. Setup time will be shorter.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

TherapyChick

join:2003-09-19
Fayetteville, NC
Thanks for the information, I'm also looking at the Netgear Prosecure product lines too, they look good also.
--
Therapy Chicks

imseanbrown
Premium
join:2005-12-20
New York, NY
Netgear is garbage... ZyXEL is a very decent product line.... I've used the ZyWALL gear for years and you can do what you've talked about with their smallest VPN-capable firewall.... the USG stuff is GREAT, but doesn't seem like you'll require the features of it from what you wrote...

techguy2012

join:2012-05-17
Mundelein, IL
reply to TherapyChick
Netgear works OK for one L2L tunnel, any more than that and you've got problems.

Likely can't be done at your price point; but if you want trouble-free simultaneous L2L tunnels, and VPN client access, look at the Cisco ASA 5510 for the main office, and ASA 5505s for the branch offices.

TherapyChick

join:2003-09-19
Fayetteville, NC
said by techguy2012:

Netgear works OK for one L2L tunnel, any more than that and you've got problems.

Likely can't be done at your price point; but if you want trouble-free simultaneous L2L tunnels, and VPN client access, look at the Cisco ASA 5510 for the main office, and ASA 5505s for the branch offices.

Are you talking about the "regular" Netgear routers sold at places like Best Buy, or the Netgear Prosecure products? The Prosecure products can handle a lot of IPSec Tunnels (according to the documentation anyway).
--
Therapy Chicks

techguy2012

join:2012-05-17
Mundelein, IL
reply to TherapyChick
Prosafe - I've had problems with random disconnects or router throughput slowing down - put in Cisco and the problems go away.

I didn't play with it long enough to determine if it's error correction/tolerance in the VPN encryption, or if it's simply the router CPU is under-powered for the job, perhaps your experience will be better.