automated site to site vpn recommendations

Spencer Ryan sryan at arbor.net
Wed Jun 29 22:49:27 UTC 2016


I treat Meraki like SmartNET. The subscription comes with lifetime support
(TAC + Warranty), you do have support on your production network gear don't
you? It's not like they trick you going into it either. I for one am a huge
fan of the simplicity, it just works.

Disclaimer: We use them. ~35 access points all around the world.


*Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Wed, Jun 29, 2016 at 6:33 PM, Eric Kuhnke <eric.kuhnke at gmail.com> wrote:

> My biggest issue with Meraki is the fundamentally flawed business model,
> biased in favor of vendor lock in and endlessly recurring payments to the
> equipment vendor rather than the ISP or enterprise end user.
>
> You should not have to pay a yearly subscription fee to keep your in-house
> 802.11(abgn/ac) wifi access points operating. The very idea that the
> equipment you purchased which worked flawlessly on day one will stop
> working not because it's broken, or obsolete, but because your
> *subscription* expired...
>
> If you want wifi with a centralized controller there's lots of ways to do
> it at either L2 (Unifi APs and Unifi controller reachable on the same LAN
> segment as the Unifis, or with its own management vlan), or with Unifi APs
> programmed to find a controller by hostname/IP address (L3).
>
>
>
> On Wed, Jun 29, 2016 at 5:55 AM, Paul Nash <paul at nashnetworks.ca> wrote:
>
> > My biggest issue with Meraki is that their tech staff can run tcpdump on
> > the wired or wireless interface of your Meraki box without having to leave
> > their desk.  I have no reason to believe that they are malicious, or in the
> > pay of the NSA, but I am too paranoid to allow their equipment anywhere
> > near me.
> >
> > Yes, they work well and the cloud control panel makes remote support a
> > breeze; you have to decide how you feel about the insecurity.
> >
> >         paul
> >
> > > On Jun 27, 2016, at 6:28 PM, Dan Stralka <mrsyeltzin at gmail.com> wrote:
> > >
> > > I would second Meraki for the situation you describe. I don't feel that
> > > they are the most capable platform, they're expensive, and don't always
> > > present you with all the information you'd need for troubleshooting.
> > > However, the VPN offers great dynamic tunneling, instant-on performance,
> > > and are by far the simplest platform to offer a field person.  They're also
> > > tenacious - I've had them connect to the cloud management platform and
> > > build a VPN under some trying circumstances.
> > >
> > > From a security standpoint, they will offer features that will impress for
> > > the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> > > tunnel control), and we've found they punch above their weight and their
> > > APs perform fantastically.
> > >
> > > We deploy them worldwide many times per year in similar use cases,
> > > sometimes with 150 users on the LAN. If your routing is simple, you can
> > > define your security policies, and don't need crazy throughput on your VPN,
> > > Meraki is the way to go.  Be careful though: they have to be continually
> > > licensed to work and can get pretty expensive if you go for the higher end
> > > gear.  Thus far, we've been able to stick to the cheaper stuff and
> > > accomplish our goals.
> > >
> > > Dan
> > >
> > > (end)
> > > On Jun 27, 2016 6:01 PM, "Karl Auer" <kauer at biplane.com.au> wrote:
> > >
> > >> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > >>> In some cases...
> > >>
> > >> The words "in some cases" are a problem with any supposedly plug and
> > >> play solution.
> > >>
> > >>> We really could use a simple solution that you
> > >>> just flip on, it calls home, and works...
> > >>
> > >> ...but still requiring someone to enter credentials of some sort,
> > >> right? Otherwise you have a device wandering about that provides
> > >> look-mum-no-hands access to your corporate network.
> > >>
> > >> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > >> for a wireless dongle or storage, and has a highly-scriptable operating
> > >> system. Not a bad platform.
> > >>
> > >> Regards, K.
> > >>
> > >> --
> > >>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >> Karl Auer (kauer at biplane.com.au)
> > >> http://www.biplane.com.au/kauer
> > >> http://twitter.com/kauer389
> > >>
> > >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
> > >>
> > >>
> > >>
> > >>
> >
> >
>


