Cisco – Switching to Cisco VPN from Windows PPTP

ciscovpn

Right now at my company we are using PPTP Windows VPN for people to connect remotely (dial-in), and we are thinking about maybe using a Cisco solution instead (the kind where you download that Cisco client with that yellow lock in the system tray seems to have worked well at places I have been). So I am looking for help with my initial research on this, particularly keywords, if you can't tell 🙂

  • What is this type of VPN called? (Most Google results give me the site-to-site VPNs, which I already know about.)
  • Can it authenticate against Active Directory?
  • Can I run multiple servers, one at each office location?
  • Can my 2800/3800 routers act as the server? If so, in one location I have a spare 2800; could that act as a dedicated VPN server, and would that help me much (does VPN generate much load per client)? Do I need a particular feature set (IOS version)?
  • Is this going to require additional licenses? If so, for each client or server, and how is it based?
  • Anything else I should know, or maybe be thinking about?

Best Answer

1) This is an IPsec VPN, although a slightly proprietary Cisco version. They can be site to site, or user to site.

2) You can use Active Directory for authentication, as well as many other sources.

3) If by multiple servers you mean multiple VPN servers as different endpoints, then yes.

4) There are VPN modules available for these units; whether you can use them depends on the load you expect, but for fewer than 50 simultaneous users you won't experience much of an issue, and in fact the load they can route is probably much higher. So VPN can generate a lot of load; it depends on what your users are doing. I don't know what IOS version you would need to run; try to run the latest you can.

5) I believe licensing is done by simultaneous user -- plus additional incurred cost for hardware modules.

6) Cisco can support web VPN.

6) Cisco VPN is a nice standard solution, especially for Windows-based remote workers. However, there are a number of lower-cost alternatives that implement more generic IPsec and may be appropriate, like SonicWall. Also, Juniper makes some decent VPN gear. If you want to go the open source route, check out OpenVPN, probably my favorite VPN implementation anywhere, but you need to do some digging to get it working for remote workers and it may not be applicable in your situation.