Multi-city site-to-site VPN recommendations


KCL

New Around Here
Hello!

First post. I am making recommendations for someone who is expanding to a second office across the country (main is in FL, new office in AZ) and I've loved my AX88U from the day I installed it (parental controls notwithstanding!). I set up a test VPN between my home office and my brother's office (Chitown <-> LA) with little difficulty but no real-world load on it. The traffic would be primarily documents, possibly video and replication between two NASes over the course of the day. VOIP is another possibility.

I need to set up a secure, site-to-site VPN and was thinking of going with ASUS (maybe an 89X?). Does the forum agree that this would be a good choice, or are there better?



Thanks in advance!

Scott.
 

ColinTaylor

Part of the Furniture
I would use business class routers for err.. a business. Maybe a Cisco RV340. I wouldn't use home wireless routers. @Trip has probably got some recommendations.
 

Trip

Very Senior Member
@KCL - Welcome. As @ColinTaylor suggested, presuming this is for an actual business, and not just two in-home "offices", I would move beyond consumer products and put in SMB (or higher) grade gear. The differences may not be that apparent at first glance, but in a nutshell you'll get a more purpose-built, well-supported tool for the job.

If the all-in-one form factor is of primary concern, there are plenty of options with wireless onboard -- example: Cisco RV-series "W" models (RV260W, etc.).

Going a step further into the technical weeds: depending on how crucial the link is, you might want to consider SD-WAN as well. This is yet another area where consumer products will simply fall short. Most enterprise-class firewalls not only have this capability built-in, but can be centrally managed and deployed with zero-touch-provisioning (ZTP) -- two things that may be very beneficial, if not critical, if you remain as a remote consultant / support tech type resource for the business. Example product: Untangle SD-WAN Router.

Hope that helps. Any questions, feel free.
 

KCL

New Around Here
Boy, did I come to the right place.

All the input is very much appreciated. My research continues! Feel free to add any other thoughts into this thread as they occur to you...
 

Samir

Very Senior Member
I run multiple site-to-site connections exactly how you are planning to do. :) So here are my recommendations.

1. No consumer gear except for Wi-Fi. Routers route, access points are for access (if you need wireless, otherwise wired>wireless).
2. SMB products like the RV-series are a good place to start, but they are not the value that they once were since used enterprise gear can do the same thing better at the same price. I personally started my foray into site-to-site VPNs and multi-WAN back with the RV016.
3. Used enterprise stuff like FortiGates, WatchGuard, SonicWall, etc. is now effectively cheap enough that a business can get something like this as a first step. You can even find open-box new stuff at deeply discounted prices if you know where to look (PM me) that will get you all the support and everything of a new enterprise device at near the cost of used or SMB gear (this is how we were able to afford our normally $2200 unit and were able to upgrade to enterprise grade).

The main thing you get with gear in the number 2 and 3 categories is reliability. When we initially started, it was on a zero budget, so I had to use whatever I found in closets and utility chases that had the word 'vpn' in it, which was the Netgear FVS series as well as the Cisco RV016s I had. While it worked, it would frequently need to be rebooted, wasn't as fast, etc. As we upgraded to enterprise gear, the reliability became apparent as well as the addition of features (like multi-WAN where we could use different WAN connections for different location tunnels), but buying new was out of the question until we ran into a deal that allowed us to make the move. Today, the connection is rock stable and uses nearly nothing from our equipment since what we have is so overpowered that I don't think I've even seen the CPU move off of 0% in the graphs. Once you have a setup like this, you can worry about business and not the technology powering it.

I really love site-to-site VPN tunnels as they allow a lot of neat things to be done since you can pretty much 'marry' two networks into one logical arrangement even though they're physically apart. Many things that were never designed for remote management, etc. are easily able to be accessed, and even items that are designed for remote access can have that shut off to improve security and simply be accessed like they were on the local LAN. This is how I work today watching and working with things at 3 physical sites across the country--all of them on one screen as if they were all right here. It's a pretty incredible productivity boost, not to mention a great way to create redundancy as well with remote storage backups and more.
 
