1

I'm currently tasked to set up a VPN solution for a small business with multiple branches. The objective of the VPN is to connect each branch to allow them to share their local resources (file servers, printers, etc.).

I've read in multiple places around the net about firewalls with VPN server capabilities and countless guides on how to set up OpenVPN and Openswan on CentOS, plus a few articles about Cisco VPN solutions.

So the big question is: ideally, which device is more suited to be a VPN server? What are the pros and cons of using one device over the other?

Chetan Bhargava
maru
  • I've set up site-to-site VPNs using Sonicwall, OpenVPN, Fortinet, Checkpoint, and Meraki products. I have found the Meraki's VPN concentrator module of their Security Appliance products to be one of the easiest and most reliable. Plus the cloud management dashboard lets you access each device from anywhere with an Internet connection and push out changes. Very intuitive and straightforward. – rws907 Jan 23 '13 at 06:16
  • Thanks for the wonderful product line suggestion, I never knew they existed until now. But what can you say about Meraki's support? I see they're now part of Cisco, but just to be sure about the quality of support and performance. And how would you rate its performance against Fortigate and other similarly specced Cisco devices? – maru Jan 23 '13 at 06:27
  • Meraki's support is phenomenal and you can get a free trial of the equipment when you talk to a sales rep. They do advanced RMA and the license covers the device fully for the term you choose. They have a wide range of features and are adding more and more every week. You can even suggest features for them to add down the road. Yes, Cisco did buy them out, and I was worried about that at first because I thought it was a simple buyout of competition that would be liquidated, but that's not the case. Performance-wise, the benchmarks I ran against SW, Fortigate, et al. showed significant benefits. – rws907 Jan 23 '13 at 15:30

1 Answer

0

I prefer hardware devices. For the price, a Cisco ASA 5505 is a great solution for remote and site-to-site VPN for small offices. I prefer VPN endpoints to be purpose-built or dedicated hardware, but from a functionality perspective, software-based VPN also does the job. This will really come down to your preferences.

Also see:

Hardware firewall vs VMware firewall appliance

Hardware Firewall Vs. Software Firewall (IP Tables, RHEL)

ewwhite
  • What can you say about the performance of a router (Cisco 1921 ISR) VPN solution against a firewall (Cisco ASA5505) VPN solution? I'm thinking of going with a hardware solution but not sure whether to go for a router or a firewall. – maru Jan 23 '13 at 06:29
  • I prefer firewall. But it depends on your needs, expertise, resources and environment. – ewwhite Jan 23 '13 at 06:41
  • Can you give me some pros of using a firewall over a router? – maru Jan 23 '13 at 06:51
  • Or when should a firewall be used over a router? Sorry, I couldn't edit my last post. – maru Jan 23 '13 at 07:01
  • More functionality. But that is moot anyway as most routers are firewalls these days. – TomTom Jan 23 '13 at 07:01