Small Remote Branch Office Network Solutions – IPsec VPN, Openswan, 4G LTE VPN Router and Meraki Cloud

4G LTE VPN Router

Setting up connectivity for a small branch office has become easier over the years as technology has improved and solutions have become more cost-effective.

In today's digital world, extending the enterprise network as the business expands is no longer a challenge. Organizations set up corporate offices, small offices, operation centers, production plants and sales offices across the globe and need to connect them over computer networks.

Today we cover network connectivity solutions for small businesses: providing secure remote connectivity to the business network so that employees can work from remote offices and access the servers, applications, and file shares they commonly use.

Even a small business can have several remote offices, especially if employees work from home. Remote offices can access the main office’s network using a VPN, or virtual private network.


VPN – Virtual Private Network –


In the past, wide area networks (WANs) were the logical and most reliable way to connect remote locations. However, WANs require dedicated telecommunications links and networking services to maintain remote connections, and they are very costly to maintain. For smaller businesses, an IPsec virtual private network (VPN) is usually very cost-effective.

IPsec VPN technology provides end-to-end encryption of digital data and builds a secure channel over the internet to connect a remote branch location to the central data center.

A VPN uses the Internet to connect remote sites. Because the Internet is a public network, any data sent over the VPN must be encrypted.

VPNs provide secure connections between locations over the public internet. The site-to-site connection is secure and typically faster than WANs, and it’s less expensive.


Types of IPsec VPN Technology –


Site to Site VPN: A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet.

Remote access VPN: A remote-access VPN allows individual users to establish secure connections with a remote computer network. Those users can access the secure resources on that network as if they were directly plugged in to the network’s servers.

Web-VPN: WebVPN lets users establish a secure, remote-access VPN tunnel to a security appliance using a web browser. Users do not need a software or hardware client.


Site to Site VPN with 4G LTE VPN Router with SIM Card Slot –


VPN Solution-1-: (4G Mobile Internet connectivity with 4G LTE VPN Router)

The 4G LTE VPN Router with SIM Card Slot is an easy-to-deploy, high-performance Virtual Private Network (VPN) router with mobile connectivity that allows easy access to mobile broadband networks. It lets you create a powerful private network for your home or small office with easy setup tools, advanced configuration options, and built-in security features.

High Level Design Requirement –

  • Cellular 4G LTE Internet connection with 4G FIXED IP SIMS
  • Hub/small switch with 8 Ports
  • VPN Gateway – VPN ROUTERS with 4G LTE SIM Module.

VPN Router Recommendation –

  • D-LINK SYSTEMS, INC 4G LTE VPN ROUTER WITH SIM CARD SLOT
  • Cisco 880G and 890G Series 4G LTE 2.0 Integrated Services Routers

Site to Site VPN solution for Small Office with Dynamic IP Internet connection –


VPN Solution-2-: (Site to Site VPN with VPN Router – IPsec Support)

High Level Design Requirement –

  • Residential Internet service with Dynamic IP
  • Hub/small switch with 8 Ports
  • VPN Gateway – VPN ROUTERS (Linksys LRT214 Business Gigabit VPN Router)
  • DDNS – Register the firewall/VPN gateway (FQDN) with a DDNS service provider.
  • Configure the IPsec VPN with a dynamic IP address instead of a static IP.

VPN Router Recommendation –

  • ZyXEL ZyWall VPN
  • Cisco Systems Gigabit RV325K9NA VPN
  • Linksys LRT224 VPN
  • Dell SonicWall TZ300

VPN Solution-3-: (Openswan VPN – Linux Gateway)

Openswan is an open-source IPsec implementation for Linux. It supports most of the extensions (RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others.

High Level Design Requirement –

  • Residential Internet service with Dynamic IP
  • Hub/small switch with 8 Ports
  • VPN Gateway – Linux box (Ubuntu) with two interfaces.
  • DDNS – Register the firewall/VPN gateway (FQDN) with a DDNS service provider.
  • Site to Site VPN solution for Small Office with Static IP Internet connection.
  • Configure the IPsec VPN with a dynamic IP address instead of a static IP.
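
A sketch of what the Openswan side of this design can look like, added here as an illustration and not taken from the original article or from the Openswan project. The connection name, the host names (vpn.example.com, branch.example.com), both subnets and the key are placeholders to replace with your own values.

```conf
# /etc/ipsec.conf on the branch gateway (Openswan 2.6.x syntax)
version 2.0

config setup
    # kernel-native IPsec stack
    protostack=netkey
    # residential links usually sit behind NAT
    nat_traversal=yes
    # no opportunistic encryption
    oe=off

# "branch-to-hq" is a placeholder connection name
conn branch-to-hq
    type=tunnel
    # pre-shared key, read from /etc/ipsec.secrets
    authby=secret
    # Local side: the public address is dynamic, so follow the default route
    left=%defaultroute
    leftid=@branch.example.com
    leftsubnet=192.168.10.0/24
    # Remote side: DDNS name, resolved when the connection is loaded
    right=vpn.example.com
    rightid=@vpn.example.com
    rightsubnet=10.0.0.0/24
    ike=aes256-sha1;modp2048
    phase2alg=aes256-sha1;modp2048
    pfs=yes
    # Dead peer detection: notice a dropped peer and renegotiate
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start

# /etc/ipsec.secrets (mode 0600, root only); IDs match leftid/rightid:
# @branch.example.com @vpn.example.com : PSK "<long-random-secret>"
#
# If vpn.example.com moves to a new address and the tunnel stays down,
# reload the connection so the name is resolved again:
#   ipsec auto --replace branch-to-hq && ipsec auto --up branch-to-hq
```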

 


Cisco Meraki Cloud Auto-VPN – Small site Solution with MX solution.


Cisco Meraki Auto VPN's intelligent features connect branch offices securely and easily with one-touch configuration. No manual, tedious VPN configuration is required.

The huge benefit of an end-to-end Meraki setup is that it automatically detects IP changes at the remote sites. That means you don’t have to adapt the configuration on the central site each time such a change happens.

Meraki Cloud Features –

  • Fast, easy to use and secure
  • Auto network change discovery.
  • 100% Cloud Managed Networking.
  • Real-time monitoring and email alerts.
  • One Touch Configuration.
  • Centrally managed network.
  • Scales from small branches to large networks
  • Integrated solution with Auto-VPN and SD-WAN
  • Reduces operational costs.
  • Uniform solution for small and mid-size networks.
  • Easily manageable with limited resources.
  • 3G / 4G failover via CAT 3 LTE

 ➡ Power of Meraki Cloud – : Cisco Meraki's cloud-based technology provides centralized management, visibility, and control, and its powerful management software provides a rich stream of real-time information. Cisco Meraki deploys quickly and easily, without training or proprietary command line interfaces.

 ➡ Quick VPN Configuration – : Cisco Meraki end devices automatically connect to the Cisco Meraki cloud over SSL, register with your network, and download their configuration. Cisco Meraki Security Appliances can be remotely deployed in minutes using zero-touch cloud provisioning. Auto VPN technology securely connects branches in 3 clicks, through an intuitive, web-based dashboard.

 ➡ Auto discovery IP peer – : Meraki's auto-discovery mechanism enables automatic interconnection of VPN peers and routes across the WAN, and keeps them updated in dynamic IP environments. Whenever the dynamic IP changes at a remote site, the cloud automatically updates the MX VPN peers.

 ➡ Real time update – : The Cisco Meraki dashboard gives administrators a real-time view of VPN site connectivity and health. Round-trip latency between peers and availability status are tracked automatically for all the VPN peers in the network.

 ➡ Topology Flexibility – : Hub-and-spoke and full mesh VPN topologies give deployment flexibility, and a built-in site-to-site firewall enables custom traffic and security policies that govern the entire VPN network.

 ➡ Secure Network connectivity – : Cisco Meraki Security Appliances can be remotely deployed in minutes using zero-touch cloud provisioning. Security settings are simple to synchronize across thousands of sites using templates. Auto VPN technology securely connects branches in 3 clicks, through an intuitive, web-based dashboard.

 ➡ Powerful administrators Dashboard – : Cisco Meraki devices provide a rich stream of real-time information to the Cisco Meraki cloud. The Meraki cloud provides administrators with real-time “remote hands” tools, detailed event logs, searchable databases, and rich reports on application, device, and client usage without compromising efficiency.

 ➡ Split-tunneling – : Configurations for split-tunneling and full-tunneling back to a concentrator at headquarters are fully supported and configured in a single click.


DDNS and Dynamic Gateway –


If you don’t have a static IP assigned at your internet router (the service provider does not provide static IP addresses for home users/non-commercial use), you can use DDNS.

DDNS is designed to support dynamic (changing) IP addresses, such as those assigned by a DHCP server. That makes DDNS a good fit for home networks, which normally receive dynamic public IP addresses from their internet provider.

You can use a dynamic DNS service such as dyndns.com, which allows public dynamic DNS registration. Set up a CNAME DNS entry in your public DNS (for example “VPN.MyCompanyname.com”) for your device, and the service keeps the DNS records dynamically updated.

Service providers that offer DDNS include FreeDNS Afraid (https://freedns.afraid.org), NoIP (https://www.noip.com) and DYN (https://dyn.com).

Author: Ronnie Singh
