[190342] in North American Network Operators' Group


RE: automated site to site vpn recommendations

daemon@ATHENA.MIT.EDU (Shawn L)
Mon Jun 27 16:17:46 2016

X-Original-To: nanog@nanog.org
Date: Mon, 27 Jun 2016 16:17:41 -0400 (EDT)
From: "Shawn L" <shawnl@up.net>
To: "c b" <bz_siege_01@hotmail.com>
In-Reply-To: <BLU171-W674C85E835315D2952470CAB210@phx.gbl>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

We use the Meraki series -- MX @ the main office, and Z1 for the remote, or just 2 Z1 units if it's a small network and they work great.

We've even gone so far as to utilize Avaya IP phones over the link so the teleworker's extension works wherever they are. I have to say, compared to a PIX or ASA, etc. they are about the simplest VPN setup you'll ever come across. We've even had cases where the Z1 was behind a fairly restrictive NAT, and it was able to establish a session and work great.

Definitely not the cheapest, but if you can get by with just a couple of Z1s the cost isn't too bad.

Shawn

-----Original Message-----
From: "c b" <bz_siege_01@hotmail.com>
Sent: Monday, June 27, 2016 4:08pm
To: "nanog@nanog.org" <nanog@nanog.org>
Subject: automated site to site vpn recommendations

Situation: We have salespeople/engineers holding temporary seminars/training/demonstrations in hotel meeting rooms.

Requirements:

field people need a very plug-n-play, simple, reliable vpn back to corporate offices to present videos/slides/demonstrations. The materials are not accessible via the internet directly, they are in a contained environment at corporate HQ locations but not necessarily on the corp network.

the solution should be able to provide wireless to attendees. In some cases, guest login will be fine but in some cases the attendees will have registered and provided login creds prior to the event, and these creds will need to be checked before providing access

the solution should have the option to split tunnel internet traffic out, but in some cases they need all traffic tunneled and internet will be via our corporate offices (NDA/legal, don't ask, it's just a requirement provided)

Nice-to-have:

field person should be able to not only access the presentation materials (in their contained network) but also the corporate network. Some early attempts required a user-vpn connection by the field person over the S2S VPN, but it made it clunky to switch back and forth. This isn't mandatory, but it would be nice to provide one solution providing dual-level access: restricted to attendees, less-restricted to field people

Tried this in the past with basic router/switch/wireless and captive portals because we had some inventory available... it was workable but not quick or easy. We really could use a simple solution that you just flip on, it calls home, and works... or as close to that as possible.

Have been looking at Meraki and a couple other low-touch solutions and they may do the trick, but we are hoping there are lower cost options that people have used successfully? We don't mind dealing with some off brands and even some custom coding (within reason) as long as the end result is a low-touch, reliable solution.

Thanks in advance.
