08-06-2012 02:00 PM
We have 2 remote employees who have off/on difficulties with their software VPN client. We're preparing to roll out VoIP phones to them, and don't want to open up our internal PBX to the net. I would like to kill 2 birds with 1 stone by providing a hardware VPN to each employee in order to establish a gateway 2 gateway IPsec VPN between their home office and the main office. This should provide a more reliable connection and higher throughput, while allowing for the VoIP phone to connect through the VPN tunnel, thus keeping our internal PBX secured. So far so good. From what I can tell the RV120W, RV220W, or Cisco ASA 5505 would do the trick.
Now for the difficulty - I don't want all personal traffic (Netflix streaming, whatever) from their homes traveling through the VPN tunnel. So I'd like to allow the employee to maintain their own personal network, and within that personal network would be the hardware VPN device providing a secondary network using the VPN tunnel.
It would look like this:
web:
  home wireless router: (dynamic public IP, 192.168.1.x private subnet)
    personal computer
    laptop
    network TV, etc
    hardware VPN device: (192.168.1.1 WAN IP, 192.168.2.x private subnet), IPSec VPN tunnel to main office (should use main office internal DNS)
      VoIP phone (192.168.2.1)
      Office computer (192.168.2.2)
Seems straightforward to me, but concerned about going through two NATs. Seems like this would be the most preferred configuration for a home office that is sharing a single internet connection. Found an old Cisco product that was geared towards this specific scenario - the Cisco VPN 3002; but it is end of life.
I'm also a bit wary of the poor consumer reviews of the various Cisco RV line routers. Considering the Zyxel Zywall USG 20 as an alternative.
08-06-2012 02:07 PM
The RV120 and RV220W support split tunnel site to site VPN, therefore all 'cluttered' traffic would remain local to the home networks while the VPN traffic is exactly that.
You may want to consider installing one of the aforementioned routers at the home locations to avoid double-NAT or additional purchases. The hardware VPN device does not seem practical considering the expense of a gateway to gateway VPN router is pretty inexpensive.
-Tom
08-06-2012 04:25 PM
Thanks Tom. We'll give the split tunnel site to site VPN a try using just the Cisco router.