IP Technology Distribution
972.831.1600

VPNs in a World of Everything Remote. Managing Devices & Remote Services

 

Customers are contemplating alternatives to do EVERYTHING REMOTE and need solid technology solutions that are easy and fast to deploy, secure and can be managed remotely. 

Companies have on-premise services that need to be accessed, such as local storage, PBXs, access control systems, IP surveillance, or special network or application servers, which are usually only reachable from the local LAN. Others also have application resources in the cloud, such as ERP, CRM, payroll and cloud file storage, that, for security reasons, are firewalled and can only be accessed from the office's known public IP addresses.

Many MSPs and integrators are being asked for ways to enable remote users to securely connect to companies’ digital services and resources. 

 

Don't Risk Your Network: Port Forwarding is a Security Threat

 

The first thing that may come to mind is setting up some port forward rules in the company router facing the public Internet. That is the least desirable way to do this: it leaves these services open to the world, and the simple passwords and login prompts of many devices and services are not safe enough to withstand brute force attacks, or smarter attacks that identify the devices they find and automatically exploit the known weaknesses of those specific devices. It won’t be long before a malicious port scanner discovers the ports you have forwarded and starts trying to hack your internal devices. Most solutions are also tedious for the IT team, which now needs to manage security and access. Of course, this might also infringe security regulations such as HIPAA, PCI, SOX, GDPR and others.

 

More experienced and security-conscious IT professionals will recommend establishing VPN tunnels from remote users’ computers or networks. That is when the quest to find, learn and test an easy-to-configure, affordable VPN server device starts. Don’t spend days or weeks on this with trial and error.

Advanced routers offer VPN and firewall features

 

The VPN server and firewall functions are now incorporated in smarter, advanced routers. Such routers can be called next generation routers, security routers, VPN routers, Internet gateways, etc. Unfortunately, most are difficult to set up and expensive, especially when licenses need to be paid to enable VPN features. Once hidden recurring licensing costs are uncovered, such a router can quickly become a non-viable solution for SMBs. The good news is that there are SMB-friendly solutions.

One way to connect a remote user over VPN is to set up the VPN directly from their computer. Another way is to establish a LAN-to-LAN VPN between the remote user's network and the company's LAN. The latter option is better when the remote network is a SoHo or branch office and there is a need to connect multiple devices seamlessly.

 

 


 

 

 

 

A solution we like to promote comes from DrayTek: it has all that is needed (VPN, firewall and security options), does not break the bank, and does not require licenses.

Now let’s explore the VPN options for remote users:

 

VPN remote users directly from their computers or mobile devices

Also referred to as Host-to-LAN or Remote Dial-in VPN, this usually requires a VPN client installed on the remote computer or device, but it can also work with the device OS's native VPN client.

There are multiple types of VPNs with different levels of encryption and performance. The most common ones nowadays are SSL VPN, OpenVPN® and a few flavors of IPsec.


 
Once VPN is established, the device gets an IP from the company’s network and works as if it was local. The VPN’d device can now access servers directly and routes can be configured depending on the need. All or specific traffic can be sent through the VPN to corporate networks. It is particularly useful when cloud services have to be accessed from corporate IP addresses only. 
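
The routing choice described above, as an added example (not from the original article or from DrayTek): a split tunnel that carries only the office LAN sends traffic for office-IP-restricted cloud services out through the user's own ISP, so those prefixes must be routed through the VPN as well. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (private/documentation ranges), not from the article.
OFFICE_LAN = "192.168.10.0/24"  # company LAN behind the VPN router
OFFICE_ONLY_CLOUD = ["203.0.113.40/32", "198.51.100.0/28"]  # cloud apps allowlisted to the office IP


def build_routes(full_tunnel, vpn_prefixes):
    """Client routing table as (network, interface) pairs.

    The default route points at the VPN in full-tunnel mode and at the
    local ISP in split-tunnel mode; vpn_prefixes are always tunneled.
    """
    default_if = "vpn" if full_tunnel else "local"
    routes = [(ipaddress.ip_network("0.0.0.0/0"), default_if)]
    routes += [(ipaddress.ip_network(p), "vpn") for p in vpn_prefixes]
    return routes


def egress(dest, routes):
    """Pick the outgoing interface by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def leaks(must_tunnel, routes):
    """Destinations that should use the VPN but would leave via the local ISP."""
    return [d for d in must_tunnel if egress(d, routes) != "vpn"]


if __name__ == "__main__":
    # A file server on the LAN plus two office-IP-restricted cloud hosts.
    required = ["192.168.10.5", "203.0.113.40", "198.51.100.3"]
    lan_only = build_routes(False, [OFFICE_LAN])
    fixed = build_routes(False, [OFFICE_LAN] + OFFICE_ONLY_CLOUD)
    print("LAN-only split tunnel misses:", leaks(required, lan_only))
    print("With cloud prefixes added:  ", leaks(required, fixed))
    print("General web traffic uses:   ", egress("93.184.216.34", fixed))
```

Running `leaks()` against the route list a VPN profile pushes to clients shows, before rollout, which restricted services remote users would reach from the wrong source address.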

DrayTek offers a free VPN client for Windows, Mac OS, Android and iOS that supports all the VPN types mentioned. Of course, there are preferred VPN types for improved performance and security depending on the OS of the device running the client. If you prefer not to install any VPN client and to use the OS built-in VPN instead, you can do that too. Here are the recommended VPN types for DrayTek routers running DrayOS, Models 2133, 2926, 2952, 3910:




| OS | VPN Type (Client - Router) | How to |
|---|---|---|
| Windows | L2TP/IPsec - L2TP/IPsec | Instructions |
| Android | IPsec XAuth - IPsec XAuth | Instructions |
| MacOS | Cisco IPsec - IPsec XAuth | Instructions |
| iOS | IPsec - IPsec XAuth | Instructions |

 

 

 

LAN to LAN VPN

 

LAN to LAN (Lan2Lan) VPNs have been used for many years by large and medium enterprises. A Lan2Lan VPN requires a router or VPN device at both the local and remote sites and is mostly used to interconnect branch offices and extranets. In the past, it also required a very specialized technician to set it up and support it. The many encryption methods and terms used would scare away new users, creating an entry barrier for new players.


 

The nineties have passed and complex command line configurations are not needed anymore. Friendly GUIs and simple one- or two-page documents are more than enough for an IT technician with limited experience to successfully set up secure LAN to LAN VPN tunnels.

 

In addition to Point-to-Point connections between two sites, Lan2Lan VPN can be used to connect multiple offices in Hub-and-Spoke or Mesh VPN topologies. At this point, advanced routing and firewalling are needed to direct the traffic flow.

 

Some Lan2Lan VPN endpoints even offer redundancy and failover. A VPN Trunk can also be used to group VPN tunnels going over distinct ISPs and offer aggregation and failover capabilities.


Recommended Security: IPsec Tunnels with AES-SHA256 Encryption

 
An IPsec tunnel with AES-SHA256 security method is recommended for highest security and best performance.

Almost all Lan2Lan VPN endpoints support IPsec, and since it is a standard, interconnection between VPN endpoints from multiple vendors is possible. DrayTek has been an excellent option as an addition to existing VPN networks, as it can establish VPN tunnels to products from mainstream networking and VPN manufacturers.

 

Multiple Lan2Lan connections involving a number of routers can be challenging to manage. The solution you pick should provide a way to configure, manage and monitor all the VPN tunnels from a single central interface. Again, DrayTek fulfills this need with its ACS centralized cloud management.

 

To have the answer ready on which model your customer needs, and deliver the answer to their Everything Remote question, simply click & pick the solid technology solution that’s easy to deploy remotely, keeps your clients secure, while managing their experience, like only you can, right here

 

 
