Monday, October 14, 2019

Security appliance for Site-to-Site SSL VPN

Right now my org is using Cisco routers with IPsec VPN between our HQ and our remote locations, but we have something of a unique challenge in that several of our remote locations pick up and move each week and make use of whatever Internet connection is available, so we're often behind NAT and have no control over the devices in front of us.

Recently, we've had a lot of trouble where our IPsec VPN connections won't come up for whatever reason (we're assuming it's being blocked by whatever devices are in front of our remote routers), so we're looking at switching to something that uses SSL VPN instead of IPsec since it's much harder / less common to find SSL being blocked.

We're currently running ASA 5515Xs at our HQ and are planning to upgrade to Firepower 1120s early next year.

All of our remote site routers are fairly ancient (we still have some 8xx series routers), so we're looking at updating those and are interested in something that can do basic networking (i.e. NAT, stateful firewall, DHCP, etc.), plus site-to-site SSL VPN, and ideally WiFi in a single box. These boxes are transported and hooked up by non-technical staff, which is why we'd like as close to an all-in-one solution as possible.

From talking to our Cisco VAR, it sounds like Cisco are all in on DMVPN and don't really have anything in the way of SSL VPN for site-to-site connections.

If we can get whatever new remote devices we go with to terminate to our ASAs, great; if we need to get another box for the HQ side of things, that's OK too. Just trying to get a feel for what's out there since it's been a while since I've looked at this sort of stuff.


