automated site to site vpn recommendations

Greg Sowell greg at gregsowell.com
Tue Jun 28 19:53:24 UTC 2016


Lorenzo did a MUM presentation (https://www.youtube.com/watch?v=VeZetH9uX_Y)
on how road warriors can connect with a Mikrotik to automatically
configure VPN.  Pretty novel idea using inexpensive hardware.  It may not
be as user friendly as you need, though.

On Tue, Jun 28, 2016 at 11:21 AM, Richard Greasley <greasley at superfund.net>
wrote:

> Another option is Checkpoint Edge devices.
> We use them worldwide with little to no problems.
> They're centrally managed and support central logging which is a plus when
> trying to diagnose issues.
> They support dynamic IP addresses as well, so just plug it in and you
> should be good to go.
> Not the cheapest solution, but for sure they get the job done.
>
> Regards,
> Richard.
>
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Dan Stralka
> Sent: Monday, June 27, 2016 6:28 PM
> To: Karl Auer
> Cc: nanog at nanog.org
> Subject: Re: automated site to site vpn recommendations
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling and instant-on performance,
> and they are by far the simplest platform to offer a field person.  They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go.  Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear.  Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer" <kauer at biplane.com.au> wrote:
>
> > On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > > In some cases...
> >
> > The words "in some cases" are a problem with any supposedly plug and
> > play solution.
> >
> > > We really could use a simple solution that you
> > > just flip on, it calls home, and works...
> >
> > ...but still requiring someone to enter credentials of some sort,
> > right? Otherwise you have a device wandering about that provides
> > look-mum-no-hands access to your corporate network.
> >
> > MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > for a wireless dongle or storage, and has a highly-scriptable operating
> > system. Not a bad platform.
> >
> > Regards, K.
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Karl Auer (kauer at biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>
>
>
>


-- 

GregSowell.com
TheBrothersWISP.com


