[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

automated site to site vpn recommendations

We use the Meraki series -- MX @ the main office, and Z1 for the remote, or just 2 Z1 units if it's a small network and they work great.  
We've even gone so far as to utilize Avaya ip phones over the link so the teleworker's extension works wherever they are.  I have to say, compared to a PIX or ASA, etc. they are about the simplest VPN setup you'll ever come across.  We've even had cases where the Z1 was behind a fairly restrictive NAT, and it was able to establish a session and work great. 
Definitely not the cheapest, but if you can get by with just a couple of Z1s the cost isn't too bad.

-----Original Message-----
From: "c b" <bz_siege_01 at hotmail.com>
Sent: Monday, June 27, 2016 4:08pm
To: "nanog at nanog.org" <nanog at nanog.org>
Subject: automated site to site vpn recommendations

Situation: We have salespeople/engineers holding temporary seminars/training/demonstrations in hotel meeting rooms.
field people need a very plug-n-play, simple, reliable vpn back to corporate offices to present videos/slides/demonstrations. The materials are not accessible via the internet directly, they are in a contained environment at corporate HQ locations but not necessarily on the corp network.the solution should be able to provide wireless to attendees. In some cases, guest login will be fine but in some cases the attendees will have registered and provided login creds prior to the event, and these creds will need to be checked before providing accessthe solution should have the option to split tunnel internet traffic out, but in some cases they need all traffic tunneled and internet will be via our corporate offices (NDA/legal, don't ask, it's just a requirement provided)
 field person should be able to not only access the presentation materials (in their contained network) but also the corporate network. Some early attempts required a user-vpn connection by the field person over the S2S VPN, but it made it clunky to switch back and forth. This isn't mandatory, but it would be nice to provide one solution providing dual-level access: restricted to attendees, less-restricted to field people
Tried this in the past with basic router/switch/wireless and captive portals because we had some inventory available... it was workable but not quick or easy. We really could use a simple solution that you just flip on, it calls home, and works... or as close to that as possible.
Have been looking at Meraki and a couple other low-touch solutions and they may do the trick, but we are hoping there are lower cost options that people have used successfully? We don't mind dealing with some off brands and even some custom coding (within reason) as long as the end result is a low-touch, reliable solution.
Thanks in advance.