Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
5
Helpful
1
Replies

Cisco Broadband router for China

dtran
Level 6
Level 6

‎04-11-2007 09:34 AM

I am looking to bring up a small office in China over DSL/VPN. I am looking at the Cisco 870 series routers but not sure which model to get. Can someone tell me what type of DSL is avialable in China ? and which 870 series router I should get ?

And any past experience or advice is highly appreciated.

Thank you in advance !!!

Danny

Labels:
0 Helpful
1 Reply 1

joeferdinandi
Level 1
Level 1

‎04-15-2007 06:46 PM

Danny,

DSL in China is pretty much like DSL here in the US. The service will be delivered on a plain telephone line. The local telco will provide a DSL modem and an ethernet hand-off. You can get fixed IP public addressing or take a dynamic IP. You can connect to the ethernet port on the DSL modem and build the VPN tunnel back to your VPN hub on the Internet. That's the good news. Unfortunately there is also bad news. The Chinese government heavily scans all Internet traffic going into or out of China. This dramatically effects latency and causes many dropped packets. I have made several attempts at building VPN tunnels to support small offices, and performance was so bad that we ended up connecting the office to our private company network. I have used DSL from different providers and I?ve also tried traditional private line connections to the Internet. It didn?t make a difference the government scans all international Internet traffic. When I say ?scan?, I believe that they are just looking for unauthorized use of the Internet. I don?t think they are trying to crack the 3DES encryption and look into the VPN packets. I still have 2 VPN connections coming out of Shanghai but they are purely as backup to the private network. They are tolerable for backup but not for a primary connection. The two large providers in China are 'China Telecom' in northern China and 'China Netcom' in southern China. I had performance issues with both. Also be aware that VPN within China works just fine. So if you are trying to VPN from Shanghai to Beijing it will work well. It?s just the international connections that stink. This has allowed some local vendors to provide unique solutions to bypass the government scanning. For example there?s a company (I believe the name is CN-Net) which let?s customers in China VPN to their hub site in China, and then the traffic rides a private network to the US, and then the traffic pops out into the US Internet. I haven?t tried any of the unique solutions.

So the bottom-line is I haven?t had any luck with international VPN tunnels coming of China. If you try it, I hope you have better luck that I did. Also the model of equipment won't matter as long as it has the required VPN features and interfaces. I used both Cisco 1711 and 1811 routers. They worked as expected and were not the problem. FYI, the equipment was purchase in China because it's difficult to import equipment that supports encryption.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents