Alternatives to VPNs?

New to the networking world and just wanted some insight on whether there are other options out there for our business. Currently we have quite a few remote sites that we have connected to a Cisco 871 Integrated Services Router, which is configured with a VPN tunnel using a static IP so that our users can access network resources and printers. Just curious as to whether this is the best way to do this or if we should look at newer technology in order for our end users to access network resources remotely.

A VPN is a VPN no matter what you call it.

If you just need to link 2 sites together you could get a private fiber line run, but if you are talking about a work from home solution, it will have to be VPN.

You could look at DMVPN (or MPLS if you have a budget)

You have several remote sites that connect to an 871 (12.5mbps throughput) in 2015?

Ask to purchase a real firewall. Also - yes VPN is the best way to do this unless you have money to spend on MPLS.

I would just do DMVPN - the hardware supports it and it’s easier to manage than several static IPSEC tunnels.

Ok, I think we’re making recommendations without understanding what your actual requirements are. A VPN is a VPN, it’s just a matter of the strength and ease of setup - whether you want manual establishment or dynamic establishment. Either way, you’re going to want some sort of VPN present. Now, what type of VPN is a matter of what your business goals are: Do you want to minimize cost? Do you want strength? Do you want dynamic establishment? Do you have dedicated circuits or are you going over the public internet? What applications are you running that might need to access your enterprise network either on demand or constantly?

If you provide more detail we can help you determine what’s best for your network.

Absolutely nothing wrong with IPsec VPN. You could pay for MPLS but that’s basically just paying an ISP to configure the VPN for you.

A new technology however which removes the requirement of VPN is IPv6. There’s such a large IP space there’s no need to NAT and there is no private network need anymore.

The problem with the Cisco 871 is that you’ll likely need a special firmware to get IPv6 to even work.

A VPN by any other name is still a VPN.

Why exactly are you trying to find an alternative? Does this not work perfectly well?

Depending on what you are trying to reach remotely there are many other solutions for remote access: Citrix, Windows remote application, VDI, etc.

That said, the site will need internet access to use any of the above methods and if you have a firewall (seriously you should) then a site to site IPSec VPN tunnel really is your easiest option.

If response time, uptime or latency are an issue and/or business concern then your best bet is a private connection like MPLS (see paying out the ass).

Exactly, Point-to-Point or MPLS circuits are expensive as fuck, IPsec VPNs are way cheaper.

The most basic Verizon MPIP access at 5 or 6 Mbps you can get in the EU will still cost you around 4.000 Euros a month compared to around 800 for a 10/10 Mbps SDSL Internet Access if memory serves.

Cool I’ll have to check those out.

What Meraki does with VPN is awesome but unfortunately not ready for large scale, multi-tenant environments.

There doesn’t need to be encryption for it to still be considered a VPN.

Low cost would work for now I’m thinking. Right now the network resources that are needed are network file shares and some in-house software that connects back to our server.

Depends where you are. EFM and FTTC are more budget options that you can deliver MPLS services over. EFM will do 2 - 20mbit symmetrical, FTTC does 10-20 up 40-80 down.
FTTC can be had for a couple of hundred a month, EFM is more 300-400 but more widely available.

Something you have to keep in mind is that Meraki has been a huge cash cow for Cisco and they will be investing heavily in that technology. While Viptela may be better now, in 3 years would you rather have Merakis sitting at all of your sites or Viptelas (i.e. a startup that’s just waiting to be bought out)?

That doesn’t sound like a very Private Virtual Network. :wink:

Good luck with your network staying private without encryption.

Quite right, have an upvote!

The lowest cost would be just basic IPsec VPNs like you have for the moment. It’s simple and can be done on most hardware, Cisco or otherwise. If you want to invest in more design, you can invest in a DMVPN network that is dynamically established, and then you can decide on the phase depending on whether you need site to site communication or not. If you do some sort of MPLS, it comes down to whether you trust your provider or whether it’s self hosted, and that way you can determine whether to do VPN over the top of it, and whether it would be GETVPN with private addresses, or DMVPN with public addresses.

Long story short, stick with what you have, perhaps use the internet if you have dedicated circuits, since you’re not doing real time. Otherwise, it should work the way you want it and it’s cheap and simple.