Current Configuration
We have two sites that are connected via a gateway-to-gateway VPN tunnel using Cisco RV082 routers. We also have VPN access using QuickVPN for our Windows employees and PPTP for the few of us that run Mac OS X or Ubuntu Linux.
The RV082's QuickVPN reliability and performance has always left a little to be desired. One of our RV082's is starting to act flakey, so I'm interested in purchasing a replacement.
Question
Should we buy another RV082, or is there a better solution to meet our desired configuration? At this point, I'm interested in only replacing one of the two RV082s, so if we did buy something else, it would have to be able to create a VPN tunnel with our remote site.
Desired Configuration
- Provide a permanent VPN tunnel to connect our HQ and remote site, which has an RV082
- Provide up to 5-10 concurrent VPN connections for traveling/remote workers (we have 26 employees, so that should be sufficient for now)
- Wireless is not required, as we have separate wireless access points
Possible Options
- Cisco SA 540, although I can't tell from my cursory review if there are any recurring costs associated with VPN access of remote users
Post-Upgrade Update
On Monday, June 20, 2011, we replaced our Cisco RV082 routers a PC Engines' ALIX SBC running pfSense version 2.0-RC3 (i386). So far, we're very happy with the upgrade. Benefits include:
- More informative status and diagnostics including RRD Graphs
- Wider selection of VPN options (QuickVPN never seemed to work that great for our road warriors)
If you're open to a non Cisco product, checkout pfSense. It can be configured as a router, firewall, and has openVPN as an installable package. I believe you can also configure it to only act as a standalone VPN server. The openVPN client will run on Windows, OS X, and Linux. I used to use the QuickVPN, but it was such a hassle to keep it working all the time.
I personally use pfSense on a 1U SuperMicro atom server and it works great all the time. If you do end up going with it I would recommend their book on Amazon, it really helps clarify configuring.
I suggest the Cisco ASA 5505 security+ license. ASA 5505 allows up to 10 concurrent ipsec vpn sessions, and 2 SSL vpn sessions. Additional license for up to 50 SSL clients cost about 100$.
But as SkinnyGeek1010 said, pfsense on cheap hardware will do the trick. I bought a watchguard x500 from ebay for about 80$ and replaced the OS with pfsense, you could use Linux too. It comes with a 1.2ghz celeron cpu, 256MB ram and 64MB CF (which can be replaced with up to 4GB). The watchguard x500, x700 and x1000 are the same in terms of hardware.