nanog mailing list archives

Re: Zero-Touch Deployment Remote Office solution?


From: PC <paul4004 () gmail com>
Date: Fri, 18 Jan 2013 12:32:15 -0700

I handle this a different way.  I'm not saying it's the easiest solution,
but it's very scalable to many thousands of endpoints.

I take a small router and I set the "WAN" side to DHCP.  I use
client-initiated L2TP tunnels w/ ipsec protection to build a tunnel to the
head end.

The beauty of this is:
1) It works on any internet connection.  NAT and dynamic IPs are not a
problem.  Since it's all UDP encapsulated and client initiated, they just
need to supply internet access via DHCP.
2) It's stateful.  The username/password defined on the remote client
decides what IP block is routed to the client.  All configuration is done
from the head end based on the radius file.  Routed IP blocks.  Access
lists.  DNS settings.  You name it.  A report off the IP list data file
builds the radius file.  If PPP/IPCP and virtual-templating can do it, you
are good.
4) It supports all your standard routing protocols, and multicast, if
desired.
5) The only thing needing provisioning on the remote side is
username/password.  Configs are pre-seeded with a "special"
username/password that provides enough access for the head office to login,
change it to the final value, and reload.

Now, I know there's several more mainstream solutions than this, and while
this removes technical complexity from the branch office, it does add some
to the headquarters.

If you're looking for a more out of the box solution, Cisco has an EZ-VPN
solution, amongst others.


On Fri, Jan 18, 2013 at 10:41 AM, Matthew Craig <matcraig () nmsu edu> wrote:

We have a bunch of small remote offices where we deploy cheap routers with
VPN tunnels back to the central office.  This is a very static process with
high overhead… we have to manage each remote router separately, and the
offices do not have tech personnel that can handle local office issues.

We're looking for a more centrally managed and automated "zero-touch"
remote office solution, like the Cisco Virtual Office, where the local
non-clueful people don't have to do much.

http://www.cisco.com/en/US/netsol/ns855/index.html



Does anyone have any experience / feedback for this Cisco Virtual Office
solution or have recommendations for alternative solutions?



- Matt
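
The reply above says a report off the IP list data file builds the RADIUS file. The following is an added example, not code from either poster: a sketch of such a generator that refuses overlapping routed blocks and unsafe usernames before emitting entries. The CSV layout, the FreeRADIUS-style users-file syntax and the attribute choices are assumptions; the thread does not name the RADIUS server or file format.

```python
import ipaddress
import re
import secrets

# Constructed sample of an "IP list data file": site username, routed block.
SAMPLE_IP_LIST = """\
# username,routed_block
branch-001,10.20.1.0/24
branch-002,10.20.2.0/24
branch-003,10.20.3.0/25
"""
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # keeps names from breaking users-file syntax

def parse_ip_list(text):
    """Return [(username, IPv4Network)]; reject bad names, duplicates, overlaps."""
    sites = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            name, block = (field.strip() for field in line.split(","))
            net = ipaddress.IPv4Network(block)  # strict: host bits must be zero
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"line {lineno}: unsafe username {name!r}")
        for other_name, other_net in sites:
            if name == other_name or net.overlaps(other_net):
                raise ValueError(f"line {lineno}: {name} {net} conflicts with {other_name} {other_net}")
        sites.append((name, net))
    return sites

def render_users(sites, new_password=lambda: secrets.token_urlsafe(24)):
    """Render one users-file entry per site with its routed block as Framed-Route."""
    entries = []
    for name, net in sites:
        entries.append(
            f'{name}\tCleartext-Password := "{new_password()}"\n'
            f"\tService-Type = Framed-User,\n"
            f"\tFramed-Protocol = PPP,\n"
            # RFC 2865 form: prefix, gateway (0.0.0.0 = the user's own address), metric
            f'\tFramed-Route = "{net} 0.0.0.0 1"\n'
        )
    return "\n".join(entries)

if __name__ == "__main__":
    print(render_users(parse_ip_list(SAMPLE_IP_LIST)))
```

Because the credential decides which block is routed to a site, rejecting overlaps at generation time keeps one site's login from ever being handed a route that covers another site's addresses.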



