Arg - that should be "seeking commercial services".. And, once I bring recommendations, it might well be that we just fall back to a DirectAccess server in each office, with our without a multi-site configuration, potentially with an SSP VPN appliance also at each office for backup and contractors, and call it good.
Kurt On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > I'm not sure either, but that's the task I've been given - not > necessarily to implement at this stage, but to scope out the > alternatives and come up with some possibilities. > > It's also why I'm seeing recommendations on commercial services, so > that our implementation requirements are minimized. > > Kurt > > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale > <jcas...@activenetwerx.com> wrote: >> I've done a lot of openvpn setups in a myriad of formats, site to site, hub >> and spoke, client etc. >> It works well and there are even some lesser documented features that do >> some neat stuff but you are now rolling your solution and marinating it >> manually. >> Not sure how well that will scale unless you have a skilled team. >> >>> -----Original Message----- >>> From: listsad...@lists.myitforum.com >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >>> Sent: Monday, November 13, 2017 5:22 PM >>> To: ntsysadm <NTSysADM@lists.myitforum.com> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for input >>> >>> All, >>> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto >>> Global Protect) as primary for our overseas offices and secondary for >>> the US (Sonicwall). >>> >>> 2) In the US office, we also have contractors/consultants needing to >>> use our SSL VPN for access to various resources, and that will likely >>> expand to our overseas offices soon. Differentiation and securing >>> resources is even more important here than in 1). >>> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed (lab >>> to lab), for interoperability/compatibility testing. >>> >>> We're looking to get into a solution that will take care of at least >>> the first two (and ideally the third as well), so that we don't have >>> so many platforms to support, and so that we can make sure that staff >>> in the field get the fasted connection available. >>> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog), >>> and OpenVPN (commercial client offering), but don't have much of an >>> opinion on them, as info about them is a bit thin. >>> >>> Anyone have experience with solutions like this, and care to comment? >>> >>> Thanks, >>> >>> Kurt >>> >>