Inexpensive VPN Appliance for VPN Phones 3

[WhosYourDiffie]

Hello all,

My company and I have been looking for an inexpensive VPN solution for VPN Avaya phones.

In the past, we've always used a Cisco ASA5500 and that has worked for what we need but we need a less expensive solution for our smaller clients.

So please, if you have a VPN solution for Avaya phones, let me know about them. I'd love to get my hands on a solution that we can pop out every now and then without breaking the customer's bank.

Also, could you tell how reliable the appliance is for you? I'd like to hear about YOUR experience as well.

Thank you very much!!

- WhosYourDiffie

 

[Pepp77]

If it is just for VPN phones, you could get a lower model Sonicwall and use that. 90% of the sites I have done VPN phones for (including my own office) use Sonicwalls and they have been very reliable.

| ACSS SME |

 

[WhosYourDiffie]

@Pepp77

Thank you for your response! Can you please tell me which Sonicwall that you prefer and are most familiar with?

Thank you again!

- WhosYourDiffie

 

[intrigrant]

We use Drayteks without problems for SOHO customers.

 

[kwing112000]

We use fortinet and have had good results.

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Vive Communications

 

[critchey]

I would be careful with Sonicwalls. You really need to know what your doing or they can cause issues with VOIP. If you do know what you are doing they are great.

The truth is just an excuse for lack of imagination.

 

[janni78]

You really need to know what your doing or they can cause issues with VOIP. If you do know what you are doing they are great.

That can be applied to a lot of things =)

"Trying is the first step to failure..." - Homer

 

[Pepp77]

Just make sure you turn off H323 and SIP transformations and tick consistent NAT.

| ACSS SME |

 

[rdoubrava]

The connection speed is really important.
An Inexpensive VPN device wouldn't be able to handle a fast internet connection.
Can the VPN device handle split tunnel?

We use Cisco ASA or Fortinet.

 

[critchey]

Well maybe I am biased as I have seen far to many poorly administered Sonicwalls. You are absolutely right though that applies to a lot of things especially firewalls. I think we have all dealt with incompetent network admins and know how frustrating it can be.

The truth is just an excuse for lack of imagination.

 

[WhosYourDiffie]

Thank you all for your responses!

From what I can see, Fortinet and Sonicwall seem to be the most used besides Cisco ASA.

From some Internetting, I found that Fortinet FortiGate-30E / FG-30E may be a good choice for a small business VPN solution for phones.
Can anyone confirm this?

Also, a SonicWALL TZ300 may be the other option.

Are these firewalls that YOU have used?

Thank you again!!

 

[kwing112000]

sure i have put in somewhere around 20 of the 30E and had very few issues.

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Vive Communications

 

[Johnhyde]

Has anyone used the Cisco RV320 etc to run VPN phones remotely?

 

[VoIP Numpty]

The RV320 used to work nicely (and they are cheap), but a 'recent' (some time last year) firmware upgrade seems to have broken the operation and I can't work out how to get them working again.

I got the feeling that they are not classic Cisco - just some OEM embedded linux box with the Cisco badge on it, I've not done much 'real' Cisco myself but I recognise the classic Cisco IOS command line and the RV320 doesn't have it available at all.

Ended up just putting an RV320 at each end for the few that had been deployed.

 

[WhosYourDiffie]

@ VoIP Numpty

Do you believe that downgrading the firmware on the Rv320 would be able to only have one application in the equation?

 

[hairlessupportmonkey]

Meraki MX64 at head office and a Merak1 Z1 or Z3 for the remotes.

VPN done in seconds. All centrally managed

https://meraki.cisco.com/products/appliances

ACSS - SME
General Geek

 

[VoIP Numpty]

Do you believe that downgrading the firmware on the Rv320 would be able to only have one application in the equation?

I suppose that is a tempting thought... but if you think about what the device is, and the fact that you are going to put it on an Internet facing connection (hopefully with only a few ports open) are you sure that you want to risk running old firmware without having really good knowledge of all the changes to the firmware? There are likely security fixes in there.

At the end of the day Security Appliances; VPN boxes, Routers, Firewalls, SBCs, etc. Are just embedded computers with dedicated applications - many routers can be modified to run open source firmware for example. There's nothing special about them - just the required hardware for any special (DSL for example) interfaces, so like your PC it is important to keep up to date with the Updates.

I'm no security specialist, just someone with and interest and I keep an eye on security stories - sometimes quite frightening to find relatively well respected names selling 'high spec' DSL Router/Firewall/WiFi devices for SoHo/SME use with bad security issues like Hard Coded credentials or bad Web UI designs with magic URLs...

 

[WhosYourDiffie]

@hairlessupportmonkey

I've used Meraki in the past and although I do like them a lot, I don't think the client wants to keep purchasing licenses every 3 years. If we could use Meraki, I so would.

@VoIP Numpty

Thanks for your input. I figured you might say that. Just thought I could get away with doing it the "poor mans" way haha.

 

[ipohead]

The Cisco RV320 is a Linksys model like most of the low end kit and not real Cisco. Linksys passed to Belkin in 2013.