This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AP10 NOT behind RED device

Hello,
I need to connect 1-2 AP10 in a remote branch office to our ASG in main office, but I would not buy a RED device. In your opinion can I establish a connection in these conditions? About security: I imagine that the traffic from AP10 to ASG is encrypted, isn't it?

Thank you
eclipse79

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 13 years ago

I'm not sure that the traffic between an AP and the host ASG is actually encrypted... it seems like I remember this being a feature request. I'm pretty sure it's "tunneled", but not encrypted... perhaps someone from Astaro will be along to correct me if I'm wrong.

In any event...

If you are thinking about putting an AP10/30 behind, say, a DSL / Cable / T1 router, and have it route the AP to the public internet, and having it somehow connect to the ASG, no, I don't think this will work. The AP devices try to reach IP 1.2.3.4 ... which the public internet would not route to your ASG device. You will need a VPN tunnel of some sort, with a RED being the easiest option in this case.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 eclipse79oldacct over 13 years ago in reply to BrucekConvergent

You will need a VPN tunnel of some sort, with a RED being the easiest option in this case.

Thank you Brucek,
the problem is that the bandwidth of main office is not high... 4bit in optic fiber. Also remote office has not a high network performance (512k of guaranteed bandwidth). So I would not use it for secure web surfing...

If I decide to buy a RED, can I set it only for wi-fi communications between AP10 and ASG? Can a RED be configured for site-to-site IPSEC VPN?

Thanks
eclipse79
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 13 years ago in reply to eclipse79oldacct

The RED is a VPN device... it passes traffic at a lower level than your standard IPSEC VPN, and it uses it's own protocol for this. In your scenario, I would deploy a RED to the remote site (the configuration is all done at the head-end ASG Appliance), with an AP10 or AP30 behind it. This is a supported configuration, and it works well. Version 8.*** of the ASG software supports split tunneling, and other configuration options, so one of them is bound to fit your needs.

All you need to enabled RED support is to have an active, valid Network Security subscription on the head-end Astaro Appliance you will be connecting it too.

I've got a site or two using the RED, and so far, I like the little boxes.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 13 years ago in reply to eclipse79oldacct

The RED is a VPN device... it passes traffic at a lower level than your standard IPSEC VPN, and it uses it's own protocol for this. In your scenario, I would deploy a RED to the remote site (the configuration is all done at the head-end ASG Appliance), with an AP10 or AP30 behind it. This is a supported configuration, and it works well. Version 8.*** of the ASG software supports split tunneling, and other configuration options, so one of them is bound to fit your needs.

All you need to enabled RED support is to have an active, valid Network Security subscription on the head-end Astaro Appliance you will be connecting it too.

I've got a site or two using the RED, and so far, I like the little boxes.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 eclipse79oldacct over 13 years ago in reply to BrucekConvergent

The RED is a VPN device... it passes traffic at a lower level than your standard IPSEC VPN, and it uses it's own protocol for this.

I hope that the data transfert rate will be high using this protocol. We experience slowness in SSL vpn, and high speed using IPSEC vpn.

bye
eclipse79
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 13 years ago in reply to eclipse79oldacct

I've got one site that has a 2Mb/s Cable Up / Down connection that connects to the main site using a RED. Transfer rates go all the way up to 2Mb/s depending on demand, so I'd say that probably won't be a problem in your situation, as long as your main ASG is not loaded down CPU or RAM -wise.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 eclipse79oldacct over 13 years ago in reply to BrucekConvergent

I've got one site that has a 2Mb/s Cable Up / Down connection that connects to the main site using a RED. Transfer rates go all the way up to 2Mb/s depending on demand, so I'd say that probably won't be a problem in your situation, as long as your main ASG is not loaded down CPU or RAM -wise.

My ASG cpu usage is high... some months ago was 75%-80%, now I disabled some feature (ie im, some ips rules) and it is decreased to 60%-65%... But I have to see the memory usage after v8 migration [:)]
Cancel
Vote Up 0 Vote Down

Cancel