automated site to site vpn recommendations

Geoff Wolf AB3LS liltechdude13 at gmail.com
Thu Jun 30 02:50:39 UTC 2016


I have a feeling that most if not all of the requirements you have could be
achieved with a Cisco ISR router running some kind of FlexVPN/DMVPN setup
back to a network VPN hub. The ISR G3 series has the option of enabling a
built-in firewall/IPS. You'd need a RADIUS solution to authenticate the VPN
from the spoke router in the field to the hub and also for 802.1X port
authentication. Depending upon the number of ports you'd need, a
downstream switch may be needed (ISR4331 has optional 4-port PoE switch
module).
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-architecture-implementation/200031-Zero-Touch-Deployment-ZTD-of-VPN-Remot.html

That said, I think this would be a huge headache compared to what can be
done with Meraki. It would also involve a TON of R&D time (believe me).

On Wed, Jun 29, 2016 at 7:38 PM, Tim Raphael <raphael.timothy at gmail.com>
wrote:

> There is a downside to subscription pricing for the vendor: they don't get
> the instant cashflow they're used to. I know Cisco seems to be taking a
> tactic where only some product lines use subscriptions and the others are
> on a typical enterprise 3-5 year replacement cycle to provide Cisco with
> the large cash injections upon upgrade.
>
> Tim
>
> > On 30 Jun 2016, at 7:00 AM, Seth Mattinen <sethm at rollernet.us> wrote:
> >
> >> On 6/29/16 15:33, Eric Kuhnke wrote:
> >> My biggest issue with Meraki is the fundamentally flawed business model,
> >> biased in favor of vendor lock in and endlessly recurring payments to the
> >> equipment vendor rather than the ISP or enterprise end user.
> >>
> >> You should not have to pay a yearly subscription fee to keep your in-house
> >> 802.11(abgn/ac) wifi access points operating. The very idea that the
> >> equipment you purchased which worked flawlessly on day one will stop
> >> working not because it's broken, or obsolete, but because your
> >> *subscription* expired...
> >
> >
> > I'm sure most hardware makers would love to lock in a revenue stream of
> > "keep me working" subscriptions if they could get away with it. From the
> > company's perspective what's not to love about that kind of guaranteed
> > revenue?
> >
> > I often wonder if Microsoft will someday make Office365 the only way to
> > get Office, which if you don't maintain a subscription your locally
> > installed copy of Word will cease to function.
> >
> > ~Seth
>



-- 
Geoffrey Wolf


