Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Site-to-Site VPN Connection


129 posts

Master Geek


Topic # 175261 23-Jun-2015 12:54
Send private message

Hi There,

I've got two offices A&B want to connect together via internet through VPN. 

Office A, Orcon UFB with NetComm nf4v router.
Office B, Spark VDSL(moving to UFG in a few weeks) with Huawei HG659b router.

Is it possible to connect them together that we can share Diskstations as network drives and printers PBX phones etc.?

Thank you very much for your helps in advance. 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
1202 posts

Uber Geek
+1 received by user: 133


  Reply # 1329866 23-Jun-2015 13:19
Send private message

Don't know about those routers but even if they could create a tunnel you really need a router that's capable of hardware acceleration to get the best speeds and QOS for your VoIP phones.

cisconz
1153 posts

Uber Geek
+1 received by user: 76

Trusted
Subscriber

  Reply # 1329883 23-Jun-2015 13:42
One person supports this post
Send private message

I would not be using ISP supplied routers for VPN connections.
1 reason for this is that I have seen them have their configurations reset on multiple occasions when the ISP makes a changer on their end.
Secondly, you would be far better to have 1 ISP in both locations to ensure your VPN traffic is staying within 1 core network and not relying on ISP - ISP transit links.




Hmmmm

 
 
 
 


251 posts

Ultimate Geek
+1 received by user: 110


  Reply # 1329918 23-Jun-2015 14:22
One person supports this post
Send private message

A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html




Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1329920 23-Jun-2015 14:30
Send private message

pdath: A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html


What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.

1202 posts

Uber Geek
+1 received by user: 133


  Reply # 1330010 23-Jun-2015 15:52
2 people support this post
Send private message

Cheapest with hardware acc is Edge Router Lite - if you're going to go down that path then get someone skilled in using the ERL to configure it.

In fact i'd recommend that you consult an expert to get a good scope of your project requirements because VPN done wrong will frustrate everyone working in the business.



129 posts

Master Geek


  Reply # 1330027 23-Jun-2015 16:11
Send private message

Thank you all for your replies!

Do I really need a pair of cisco c897s? 
They seem quite expensive. 

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?

1561 posts

Uber Geek
+1 received by user: 464

Subscriber

  Reply # 1330322 24-Jun-2015 00:29
Send private message

CBSYS: Thank you all for your replies!

Do I really need a pair of cisco c897s? 
They seem quite expensive. 

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?



The Ubiquity Edge router lite. As mentioned above.

I have one on my own connection. Works really well on UFB.





4914 posts

Uber Geek
+1 received by user: 1953

Trusted
Subscriber

  Reply # 1330332 24-Jun-2015 07:39
2 people support this post
Send private message

I use Draytek 2800 series for site to site VPN




Chorus has spent $1.4 billion on making their xDSL broadband network faster. If your still stuck on ADSL or VDSL, why not spend from $150 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

2993 posts

Uber Geek
+1 received by user: 829

Subscriber

  Reply # 1330335 24-Jun-2015 07:45
One person supports this post
Send private message

Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

251 posts

Ultimate Geek
+1 received by user: 110


  Reply # 1330338 24-Jun-2015 07:46
Send private message

wasabi2k:
pdath: A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html


What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.


An 887VA will do 50Mb/s to 70Mb/s.  An 897 can flat line a 100Mb/s circuit with a little breathing room.




Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

1202 posts

Uber Geek
+1 received by user: 133


  Reply # 1330367 24-Jun-2015 09:01
Send private message

chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.

2993 posts

Uber Geek
+1 received by user: 829

Subscriber

  Reply # 1330433 24-Jun-2015 09:54
Send private message

nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.


Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?

1202 posts

Uber Geek
+1 received by user: 133


  Reply # 1330458 24-Jun-2015 10:09
Send private message

chevrolux:
nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.


Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?


No hardware acceleration on the 850 until V2 is released and this could be some time away.

3347 posts

Uber Geek
+1 received by user: 359

Trusted

  Reply # 1330460 24-Jun-2015 10:11
One person supports this post
Send private message

You could go PFsense and build your own. A pre-built device is probably easier in which case look at Mikrotik or maybe Ubiquiti?

BTW thinking of something as "expensive" can actually cost you more in the long run. Investing up front for a more reliable service is usually good business sense.





cisconz
1153 posts

Uber Geek
+1 received by user: 76

Trusted
Subscriber

  Reply # 1330487 24-Jun-2015 10:41
Send private message

The other option would be to outsource it to someone like Mako Networks. They provide a managed firewall service with 2 click VPN's




Hmmmm

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Behind Spark’s slow-burn 4.5G plan
Posted 26-Jun-2017 16:23

Red Hat unveils production-ready open source hyperconverged infrastructure
Posted 23-Jun-2017 22:10

Whatever ailed Vodafone broadband … seems to be fixed
Posted 23-Jun-2017 14:10

VMware NSX Meets Stringent Government Security Standards with Common Criteria Certification
Posted 22-Jun-2017 19:05

Brother launches next-generation colour laser printers and all-in- ones for business
Posted 22-Jun-2017 18:56

Intel and IOC announce partnership
Posted 22-Jun-2017 18:50

Samsung Galaxy Tab S3: Best Android tablet
Posted 21-Jun-2017 12:05

Wellington-based company helping secure Microsoft browsers
Posted 20-Jun-2017 20:51

Endace delivers high performance with new 1/10/40 Gbps packet capture card
Posted 20-Jun-2017 20:50

You can now integrate SMX security into Microsoft Office 365, Google and other cloud email platforms
Posted 20-Jun-2017 20:47

Ravensdown launches new decision-making tool HawkEye
Posted 19-Jun-2017 15:38

Spark planning to take on direct management of all consumer stores
Posted 19-Jun-2017 10:03

Qrious acquires Ubiquity
Posted 14-Jun-2017 12:21

Spark New Zealand prepares for 5G with Nokia
Posted 14-Jun-2017 12:16

The future-proof 10.5-inch iPad Pro
Posted 13-Jun-2017 18:16


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.