VPN with both point-to-point and client access

[Ozymandyus]

Good day folks, I have what is hopefully a straightforward configuration I'm working on, but wanted to inquire about it here to see if there was an easier/more straightforward way to do it.

My small company currently has only one physical location, and our IT resources are behind a Cisco RV325 load-balancing router. We will soon be placing a compute server in a co-location space, and want to have secure access to it. In our use scenario we will want seamless access from our main office, but also provide the ability for remote users to access the server via mobile workstations.

The office-to-server part seems straightforward, I would be inclined to install a second RV325 in the colo and configure a point-to-point VPN between it and the one at our office. I don't have as much experience with individual remote clients in this scenario, however. Could we also have those clients setup on the RV325s? If so, I would appreciate suggestions on the best way to configure this.

Alternatively, we are not married to the idea of using this particular hardware either. If another vendor has a solution that would work better for our situation, I'd be very open to using that instead.

Thoughts and suggestions are greatly appreciated, thank you!

 

[Ozymandyus]

I'm surprised to see so many views but no commentary. Is there a different forum where it would be more appropriate for me to ask the question?

 

[umarmung]

Maybe no one answered because the Cisco RVxxx small business routers have been End-of-Life for over a year and just 4 days ago are now End-of-SW maintenance: https://www.cisco.com/c/en/us/produ...wan-vpn-router/eos-eol-notice-c51-738763.html

So, regardless of any other considerations, that's not a device anyone could recommend as either an Internet-facing router or security appliance.

If you need a firewall appliance, a common recommendation in small businesses are Meraki MX series.

However, if you only want an IPSEC VPN router, you won't get better peformance value than a Mikrotik RB1100AHx4 (or the Dude variant Dx4). Unlike a Meraki MX64, which can push a max of 100Mbps , an RB1100AHx4 can do symmetric Gigabit IPSEC forwarding, even with 256 tunnels and AES + SHA256.

 

[Ozymandyus]

Maybe no one answered because the Cisco RVxxx small business routers have been End-of-Life for over a year and just 4 days ago are now End-of-SW maintenance: https://www.cisco.com/c/en/us/produ...wan-vpn-router/eos-eol-notice-c51-738763.html

So, regardless of any other considerations, that's not a device anyone could recommend as either an Internet-facing router or security appliance.

Thank you Umarmung, that's exactly why I asked the question...I know I'm relatively ignorant, and wanted to see what people with more experience have to say. I'll take a close look at the Meraki and Mikrotik and see how they line up. For someone with no experience with those brands, would you say the instructions are sufficient to work out the configurations?