nanog mailing list archives
Re: automated site to site vpn recommendations
From: Geoff Wolf AB3LS <liltechdude13 () gmail com>
Date: Wed, 29 Jun 2016 22:50:39 -0400
I have a feeling that most if not all of the requirements you have could be achieved with a Cisco ISR router running some kind of FlexVPN/DMVPN setup back to a network VPN hub. The ISR G3 series has the option of enabling a built-in firewall/IPS. You'd need a RADIUS solution to authenticate the VPN from the spoke router in the field to the hub and also for 802.1X port authentication. Depending upon the number of ports you'd need, a downstream switch may be needed (ISR4331 has optional 4-port PoE switch module).

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-architecture-implementation/200031-Zero-Touch-Deployment-ZTD-of-VPN-Remot.html

That said, I think this would be a huge headache compared to what can be done with Meraki. It would also involve a TON of R&D time (believe me).

On Wed, Jun 29, 2016 at 7:38 PM, Tim Raphael <raphael.timothy () gmail com> wrote:
There is a downside to subscription pricing for the vendor: they don't get the instant cashflow they're used to. I know Cisco seems to be taking a tactic where only some product lines use subscriptions and the others are on a typical enterprise 3-5 year replacement cycle to provide Cisco with the large cash injections upon upgrade.

Tim

On 30 Jun 2016, at 7:00 AM, Seth Mattinen <sethm () rollernet us> wrote:

On 6/29/16 15:33, Eric Kuhnke wrote:

My biggest issue with Meraki is the fundamentally flawed business model, biased in favor of vendor lock in and endlessly recurring payments to the equipment vendor rather than the ISP or enterprise end user. You should not have to pay a yearly subscription fee to keep your in-house 802.11(abgn/ac) wifi access points operating. The very idea that the equipment you purchased which worked flawlessly on day one will stop working not because it's broken, or obsolete, but because your *subscription* expired...

I'm sure most hardware makers would love to lock in a revenue stream of "keep me working" subscriptions if they could get away with it. From the company's perspective what's not to love about that kind of guaranteed revenue?

I often wonder if Microsoft will someday make Office365 the only way to get Office, which if you don't maintain a subscription your locally installed copy of Word will cease to function.

~Seth
-- Geoffrey Wolf