Lorenzo did a MUM presentation (https://www.youtube.com/watch?v=VeZetH9uX_Y) on how road warriors can connect with a Mikrotik to automatically configure VPN. Pretty novel idea using inexpensive hardware. It may not be as user friendly as you need, though.

On Tue, Jun 28, 2016 at 11:21 AM, Richard Greasley <greas...@superfund.net> wrote:

> Another option is Checkpoint Edge devices.
> We use them worldwide with little to no problems.
> They're centrally managed and support central logging which is a plus when
> trying to diagnose issues.
> They support dynamic IP addresses as well, so just plug it in and you
> should be good to go.
> Not the cheapest solution, but for sure they get the job done.
>
> Regards,
> Richard.
>
>
> -----Original Message-----
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dan Stralka
> Sent: Monday, June 27, 2016 6:28 PM
> To: Karl Auer
> Cc: nanog@nanog.org
> Subject: Re: automated site to site vpn recommendations
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer" <ka...@biplane.com.au> wrote:
>
> > On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > > In some cases...
> >
> > The words "in some cases" are a problem with any supposedly plug and
> > play solution.
> >
> > > We really could use a simple solution that you
> > > just flip on, it calls home, and works...
> >
> > ...but still requiring someone to enter credentials of some sort,
> > right? Otherwise you have a device wandering about that provides look
> > -mum-no-hands access to your corporate network.
> >
> > MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > for a wireless dongle or storage, and has a highly-scriptable operating
> > system. Not a bad platform.
> >
> > Regards, K.
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Karl Auer (ka...@biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
> >
> >

--
GregSowell.com
TheBrothersWISP.com