[190341] in North American Network Operators' Group
automated site to site vpn recommendations
daemon@ATHENA.MIT.EDU (c b)
Mon Jun 27 16:08:28 2016
X-Original-To: nanog@nanog.org
From: c b <bz_siege_01@hotmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 27 Jun 2016 13:08:24 -0700
Errors-To: nanog-bounces@nanog.org
Situation: We have salespeople/engineers holding temporary seminars/trainin=
g/demonstrations in hotel meeting rooms.
Requirements:=20
field people need a very plug-n-play=2C simple=2C reliable vpn back to corp=
orate offices to present videos/slides/demonstrations. The materials are no=
t accessible via the internet directly=2C they are in a contained environme=
nt at corporate HQ locations but not necessarily on the corp network.the so=
lution should be able to provide wireless to attendees. In some cases=2C gu=
est login will be fine but in some cases the attendees will have registered=
and provided login creds prior to the event=2C and these creds will need t=
o be checked before providing accessthe solution should have the option to =
split tunnel internet traffic out=2C but in some cases they need all traffi=
c tunneled and internet will be via our corporate offices (NDA/legal=2C don=
't ask=2C it's just a requirement provided)
Nice-to-have:
field person should be able to not only access the presentation materials =
(in their contained network) but also the corporate network. Some early att=
empts required a user-vpn connection by the field person over the S2S VPN=
=2C but it made it clunky to switch back and forth. This isn't mandatory=2C=
but it would be nice to provide one solution providing dual-level access: =
restricted to attendees=2C less-restricted to field people
Tried this in the past with basic router/switch/wireless and captive portal=
s because we had some inventory available... it was workable but not quick =
or easy. We really could use a simple solution that you just flip on=2C it =
calls home=2C and works... or as close to that as possible.
Have been looking at Meraki and a couple other low-touch solutions and they=
may do the trick=2C but we are hoping there are lower cost options that pe=
ople have used successfully? We don't mind dealing with some off brands and=
even some custom coding (within reason) as long as the end result is a low=
-touch=2C reliable solution.
Thanks in advance. =
