Device required for VPN and Wifi

mohammedrashid459 · ‎07-01-2016

Dear Experts,

Can I use a Cisco SA 500 series Appliances for security, as my business is small.

Does this device support below mention VPN option for remote access

OR can you people please suggest me any cisco device that should give me wireless option and it should support below top 5 VPN option

IPsec Xauth RSA

IPsec Xauth PSK

IPsec hybrid RSA

L2TP/IPsec PSK

L2TP/IPsec RSA

PPTP

IPsec IKEv2 PSK

IPsec IKEv2 RSA

or any cisco device that should be cable of providing Wifi and the above mentioned VPN options for remote access.

As my company is small I don't want to use any VPN application for Remote access, just want to use in build VPN options available in Android and ios.

Your valuable advises and suggestions would be really appreciable.

I have been struggling to find the device that can fulfill my above requirement...Please help me.

Thanks

Mohammed Rashid

Karsten Iwen · ‎07-01-2016

The SA500 might provide VPN and Wifi, but as an EOL device not any security any more.

There are a couple of choices that you have:

ASA 5506W has an integrated AP and has many security-functions and options for VPN. The setup and configuration needs some advanced knowledge.
If you want a device that is really easy to manage, the Cisco Meraki MX64W could be the the best option. Wifi is integrated, VPN is supported by the build-in clients of common OS like L2TP/IPsec.

mohammedrashid459 · ‎07-01-2016

Hi Karsten,

Thanks for your valuable suggestions...really appreciate.

Does this Cisco Meraki MX64W device supports the below mentioned VPN options or can we configure this device to acts as VPN gateway with below options so that the remote users with android or Iphone can connect to this device.

Psec Xauth RSA

IPsec Xauth PSK

IPsec hybrid RSA

PPTP

IPsec IKEv2 PSK

IPsec IKEv2 RSA

Thanks

Karsten Iwen · ‎07-01-2016

no and yes, It doesn't support all these functions, but all common OS are supported:

https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration

mohammedrashid459 · ‎07-01-2016

Then What device would you recommend if I want to go with all those VPN options..please let me know...

There must be some device that supports all those things including wifi

Thanks

Karsten Iwen · ‎07-01-2016

Then go for the ASA 5506W.

mohammedrashid459 · ‎07-01-2016

Then it means all those VPN options and including WIFI feature is available with that device.

Karsten Iwen · ‎07-01-2016

Then it means all those VPN options and including WIFI feature is available with that device.

Basically yes:

1) IPSec xauth and hybrid. That's EasyVPN server. Legacy technology from last century but VPN3000 -> PIX -> ASA have been the typical VPN gateways for this technology with lots of options.

2) IKEv2 with native clients is supported, at least for Windows.

3) PPTP? Don't know if that"s still supported. But you shold use instead clear text communication which has an overall better security level.

Regardless of these options, I would also consider buying Anyconnect licenses for VPN.

mohammedrashid459 · ‎07-01-2016

Hey Karsten,

Thanks very much for your help.

one last question... Till now I was using TPlink wireless 3g router and now I will get rid of that one... for connectivity I was using USB 3G dongle and the IP address was changing very often..

I think I should go for new DSL connection with static public IP for these VPNs to work.

Usually ISPs in my area they take one public IP and do Natting for many home users, as the normal home users they don't need public static IP and due to which we are not able to remotely access our routers.

I think I should request specifically to my ISP for one public static IP.

what do you say on this...Any recommendation on this also would be appreciable.

Thanks

Karsten Iwen · ‎07-01-2016

For all kind of remote access VPN you need to have a public IP that is not filtered from the internet. If the provider only provides a private IP you can't configure any inbound services. If that's the case, you could still use services like Teamviewer or AnyDesk to access the PCs in your office.