dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
604
cyclone_z
join:2006-06-19
Ames, IA

cyclone_z

Member

Cisco VPN questions

Hello,
I am going to set up a remote access VPN at a "small" business. The purpose would be for employees to be able to access the LAN from home. They might be accessing a file server or using remote desktop to get to their computer. One or two employees may want to check the security cameras remotely on either a desktop computer or a mobile phone or tablet.

The WAN connection to the Internet will likely be either 7 or 10 Mbps metro Ethernet. The Cisco integrated services routers look interesting, and I get the impression that they can do what I want/need. But I am still not sure about some features. I would appreciate any help.

1. Do/which Cisco integrated services routers support remote access VPN? I see a lot of about site-to-site VPN where you connect two small offices or a remote office to a main office by creating a VPN tunnel between two Cisco routers. That's not what I want to do.

2. If the 880 and 1940 series support remote access VPN, are they going to be fast enough for our uses/connection?

I'll probably have more questions later. Thanks for any help with these!
tired_runner
Premium Member
join:2000-08-25
CT
·Frontier FiberOp..

tired_runner

Premium Member

I use a 1841 at home configured for remote access. It does exactly what you're needing to do. As for speed, the stronger cipher suite used, the less speed the end user will experience accounting for ESP and TCP/IP overhead.

I'll post my config in a bit if interested.

Paulg
Displaced Yooper
Premium Member
join:2004-03-15
Neenah, WI

Paulg to cyclone_z

Premium Member

to cyclone_z
Depending on what sort of routing needs you have, an ASA5505 may meet your needs too, and is relatively affordable.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to cyclone_z

MVM

to cyclone_z
said by cyclone_z:

1. Do/which Cisco integrated services routers support remote access VPN?

Yes, via IPSec or SSL VPN. There's been a couple threads in this forum where a couple of us have taken our first steps
in learning how to do both and gotten them working...

Next thing to keep in mind is which client(s) you want. Cisco's old 5.x client (long EOL), Cisco's Anyconnect,
Shrewsoft VPN Client, or something else.
said by cyclone_z:

2. If the 880 and 1940 series support remote access VPN, are they going to be fast enough for our uses/connection?

Is that 7 - 10Mbps SYMMETRICAL speeds?

Hard to say as I don't have either one to benchmark. Besides raw speed numbers, keep in mind how many users IN TOTAL
you're going to be running through -- 880s are rated for 20 users or tunnels. The 1940 could possibly do more, but
the datasheet doesn't quote a number -- and what kind of encryption / hashing strength you want, as tired_runner See Profile
mentioned.

Regards
cyclone_z
join:2006-06-19
Ames, IA

cyclone_z

Member

said by HELLFIRE:

Next thing to keep in mind is which client(s) you want. Cisco's old 5.x client (long EOL), Cisco's Anyconnect,
Shrewsoft VPN Client, or something else.

OK, this is a good point. Previously I have used Cisco Anyconnect Client (I didn't set up the VPN at those organizations). It works well, but I think it only works with SSLVPN, which is somewhat pricey.

But from what I've read, I think IPSec is widely supported "out of the box" on many operating systems.

Can I just use built-in software on Windows/OS X/iOS/Android to connect to IPSec, without the need to purchase third-party clients?
said by HELLFIRE:

Is that 7 - 10Mbps SYMMETRICAL speeds?

Hard to say as I don't have either one to benchmark. Besides raw speed numbers, keep in mind how many users IN TOTAL
you're going to be running through -- 880s are rated for 20 users or tunnels. The 1940 could possibly do more, but
the datasheet doesn't quote a number -- and what kind of encryption / hashing strength you want, as mentioned.

Yes, metro ethernet is always symmetrical. It can be delivered over copper, using Ethernet over Copper (basically 4 copper pairs with bonded G.SHDSL connections) or over fiber.

I expect we will have 5 simultaneous remote users at most. The biggest bandwidth issue might be remote viewing of security camera video.

Thanks everyone for the help!

kamikatze
join:2007-11-02

kamikatze

Member

Click for full size
Just to be safe, open your DVR's web page, start streaming, open Windows Resource Monitor, go to Network and check bandwidth usage.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to cyclone_z

MVM

to cyclone_z
said by cyclone_z:

I expect we will have 5 simultaneous remote users at most.

Shrewsoft would be a good option to use.

Tried it out when I did my IPSec remote access and worked pretty good and securely with my ISR.
said by cyclone_z:

The biggest bandwidth issue might be remote viewing of security camera video.

...or set up a tool to monitor utilization. A combination of SNMP polling (router cpu and memory utilization) and
Netflow (traffic distribution / utilization) would do this nicely.

My 00000010bits

Regards