Hardware VPN Client?

OK, I feel like this should have been an easy Google search, but my Google-fu has failed me.

I am looking for a device that can be used as a hardware VPN Client. I need to give home users a Physical SIP Phone. I need this device to sit behind NAT/PAT.

I can have this device connect to Watchguard or Cisco.

What am I looking for?

Thanks for your help!

Aruba has a range of products called RAP (Remote Access Point) that is essentially a wireless AP with an always-on IPSec tunnel. I believe it also has an Ethernet port for local devices.

I’ve never used them myself but it seems to fit the bill.

I’ve used Cisco ASAs and Fortigates as dial-up IPSec clients. They work really well.

I can have this device connect to Watchguard or Cisco.

Man, if only those devices had a VPN feature set…

Some phones can do it themselves which would be a good option.

Otherwise, loads of options. Small Ciscos, Ubiquiti, SRX, Aerohive, Mikrotik, etc., etc. Any VPN endpoint.

Here is one that comes to mind:

http://www.tutus.se/products/farist-micro.html

However, it isn't compatible with Cisco or Watchguard (you need to use their Färist VPN as concentrator).

For more info:

http://www.consilium.europa.eu/en/general-secretariat/corporate-policies/classified-information/information-assurance/eu-restricted/vpn-encryptor/pgai-9421/

Their OS gained Common Criteria EAL5+ last year (among other certs and approvals):

http://fmv.se/en/Our-activities/CSEC---The-Swedish-Certification-Body-for-IT-Security/Certified-Products/Farist-40-Farist-Micro-40/

The very best option is a Cisco 800-series router and DMVPN over IPSec.

Other options are not so graceful and not so easy to manage but might work anyway.

You are looking for a tele-presence Hardware device. If the device has a POE port that would be ideal to run your phone.

I can recommend the Aruba RAP3 (have 200+ deployed) or a Meraki MX65; both have a single PoE port and work well with voice traffic.

Aruba has Aruba Activate too so you don’t have to pre-provision the access points… You just plug them in and they call to Activate which has provisioning rules that point it where it needs to go…

If you get an IAP model of the AP, it can be an IAP (instant access point), Campus AP (controlled) or RAP.

205H is probably what you would be after… It has dual radios and 3 ports of Ethernet, one with PoE passthrough if you're using an injector / switch to power the AP/phone.

Thank you for your response.

I did look into this. The Polycoms I have do not have this ability.

Quick follow-up:
When using this as a VPN endpoint, can I still create routing rules? Such as only having the telecom data go down the VPN, or would it be an all-or-nothing sort of setup?

You specify what you want to go through the VPN tunnel with an ACL. Anything that matches the ACL gets routed through the VPN, anything that doesn’t gets routed locally.
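
The split-tunnel decision described in the last reply, modelled as an added example that is not part of the original thread or any vendor's configuration syntax. The subnets, ports, rule set and sample flows are constructed assumptions; the model is useful for checking a draft ACL against the flows you expect before deploying it.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    action: str   # "permit" = send through the tunnel, "deny" = keep out of it
    proto: str    # "udp", "tcp", or "ip" for any protocol
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    dports: Optional[Tuple[int, int]] = None  # inclusive destination port range

# Constructed policy: phones live in 192.168.50.0/24, the voice network is
# 10.10.20.0/24, and 10.10.20.250 is a management host phones must not reach.
VOICE_ACL = [
    Rule("deny", "ip", "192.168.50.0/24", "10.10.20.250/32"),
    Rule("permit", "udp", "192.168.50.0/24", "10.10.20.0/24", (5060, 5061)),    # SIP
    Rule("permit", "udp", "192.168.50.0/24", "10.10.20.0/24", (16384, 32767)),  # RTP (assumed range)
    Rule("permit", "tcp", "192.168.50.0/24", "10.10.20.0/24", (443, 443)),      # provisioning
]

def matches(rule, proto, src, dst, dport):
    """True when the flow falls inside every field of the rule."""
    if rule.proto not in ("ip", proto):
        return False
    if ip_address(src) not in ip_network(rule.src):
        return False
    if ip_address(dst) not in ip_network(rule.dst):
        return False
    return rule.dports is None or rule.dports[0] <= dport <= rule.dports[1]

def route(acl, proto, src, dst, dport):
    """First matching rule wins; traffic with no match is routed locally."""
    for rule in acl:
        if matches(rule, proto, src, dst, dport):
            return "tunnel" if rule.action == "permit" else "local"
    return "local"

# Constructed flows to audit the policy against: (proto, src, dst, dport).
FLOWS = [
    ("udp", "192.168.50.20", "10.10.20.5", 5060),    # phone SIP signalling
    ("udp", "192.168.50.20", "10.10.20.5", 20000),   # phone RTP media
    ("tcp", "192.168.50.20", "203.0.113.10", 443),   # phone to the internet
    ("udp", "192.168.1.30", "10.10.20.5", 5060),     # home PC, not a phone
    ("udp", "192.168.50.20", "10.10.20.250", 5060),  # hits the earlier deny
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", route(VOICE_ACL, *flow))
```

Rule order matters: the deny for the management host only takes effect because it sits above the broader permits.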