Small Company VPN?

OoteR02

I'm working for a company that is trying to set up a VPN system to no less than 3 branch offices, and a few roaming users. I've done some research and was hoping someone else out here had some decent ideas.

First off, our goals are the following:

Remote VNC-like connections to the few branch office computers
Ability to log remote users into our Server 2003 A/D Domain
Route all internet traffic through their local network connection, not the VPN.

Does anyone know of a system that can do this for us? IPSec would likely be plenty of security for us. I have looked into WatchGuard and SonicWall's systems, but they all are pretty pricey, and quite frankly we have a WatchGuard firewall right now that I'm not entirely impressed with (half the feature set so far has been nothing but a pain).

So far, other than canned hardware solutions, I'm not seeing many other options. I've looked at possibly using IAS/RAS, but we only have the one main domain controller at this time, and that doesn't seem like a great idea to run all of that on the one box that is currently critical to our daily operations.

Thanks for any ideas!
 

p0lar

Do you have any estimates on the potential bandwidth and packet per second usage between sites? This will play a significant part in any hardware purchases. Will the branch offices be routing any traffic between each other? (i.e. VoIP RTP)
 

OoteR02

The only real traffic that is of any importance between sites will be some spreadsheet sharing and simple domain logins. There may be some printer traffic, but most likely no VOIP (the internet connections in this area simply aren't very stable.. and it would be a test in futility to be honest.)

I wouldn't be afraid of using a Linux box of some sort behind our other routers with port forwarding, and we do have a few boxen sitting around that could be used for just that purpose. The only issue would be one of simple setup and maintenance; I don't want to force my boss to learn Linux in any way, shape, or form other than having to follow a simple procedure to get something done. (Hell, a decent GUI would likely be a requirement, something similar to Smoothwall.)

Our bandwidth will be low, most likely the highest upload rate from a remote site we will see will be 512Kbps, and even that is likely high. Our main office gets ~1.5 Mbps upspeed at a max.
 

Genx87

I use Juniper firewalls for my VPN connections between branch offices. You may like the functionality and robustness of Juniper over WatchGuard. I also have a WatchGuard that is performing duty on a wireless network off our network for clients. I also didn't think much of their functionality.

I use Microsoft's PPTP VPN for remote users on the road who want to log in and grab files.

 

p0lar

Originally posted by: OoteR02
The only real traffic that is of any importance between sites will be some spreadsheet sharing and simple domain logins. There may be some printer traffic, but most likely no VOIP (the internet connections in this area simply aren't very stable.. and it would be a test in futility to be honest.)

I wouldn't be afraid of using a Linux box of some sort behind our other routers with port forwarding, and we do have a few boxen sitting around that could be used for just that purpose. The only issue would be one of simple setup and maintenance; I don't want to force my boss to learn Linux in any way, shape, or form other than having to follow a simple procedure to get something done. (Hell, a decent GUI would likely be a requirement, something similar to Smoothwall.)

Our bandwidth will be low, most likely the highest upload rate from a remote site we will see will be 512Kbps, and even that is likely high. Our main office gets ~1.5 Mbps upspeed at a max.

What does your budget look like on this? Have you considered outsourcing it?
 

OoteR02

I'm assuming we are looking at the sub-$2000 range for spending.

The connections are all installed, it's just a matter of finding the right appliance or system to implement at this time.

I'm going to look more into the Smoothwall possibilities, but at this point I'm pretty stumped, hence the asking for advice.

And no, we likely couldn't outsource this; for one, there isn't going to be anyone in the area with much expertise on this subject. (lol, our county government didn't even have anti-virus on its 85 or so Windows machines for the past 7 years, the technology "sector" is laughable in this area to say the least.)
 

Genx87

Originally posted by: OoteR02
What vendor did you get that Juniper hardware from?

Believe from PCConnection but it was purchased before I started.
We got the Netscreen 5XTs.

There is a bit of a learning curve to them, but once you get a handle on the ropes, I think it is a very nice device.
 

OoteR02

So far nothing about the OpenVPN stuff is 'easy.' I'm sure I could get it set up and configured, but it may not work so well for my boss.