the Internet

Which professional routers have a VPN to connect us to the company?

0 885 11 minutes of reading

Manufacturers of professional routers often integrate VPN servers and clients to establish secure connections with other sites (site-to-site VPN) or remote access connections for users (RoadWarrior). In a small and medium-sized company, it is essential to use this technology to remotely access all the local resources of the company, but also to intercommunicate the offices of the same company. Today in RedesZone we are going to recommend a series of professional VPN routers ideal for SMB environments.

Link D

Manufacturer D-Link has been a leader in the SMB segment for years, not just in L2 and L3 switching with its latest switches DGS-3630 et DGS-3130 L3 , but also with professional routers with VPN to remotely access local company resources (Remote Access VPN) and to interconnect different sites (Site-to-Site VPN).

Currently, D-Link offers two models of professional routers with VPN which are widely used by businesses and which over time have been updated both at the hardware level with new components, as well as at the firmware to have the latest industry technologies. .

D-Link DSR-250N

The main hardware features of this professional router are the incorporation of a Gigabit Ethernet port for the WAN Internet and a total of 8 Gigabit Ethernet ports for LAN . It also has the N300 Wi-Fi in the 2,4 GHz band , to provide Wi-Fi connectivity when needed. Other important features are the addition of a USB port 2.0 to extract logs to a removable storage device, easily perform firmware updates, and even insert a 3G / 4G USB dongle for enterprise redundancy. Finally, it has a RJ-45 console port to manage this professional router locally via CLI.

D-Link DSR-250N - Wireless Router


>
EUR

200,66

This router not only works as a VPN client / server, but also as integrated router and firewall . Some of the main features of its firmware are that we can configure WAN connections with Static and Dynamic IP (DHCP), establish PPPoE / L2TP / PPTP sessions and even allow the establishment of multiple PPPoE connections. We can also create multiple static routes, use dynamic DNS, perform NAT / PAT functions, and allow content filtering with static URLs or keywords. Another important feature of firmware is that it has a intrusion prevention system based on signatures that are embedded in the firmware, and we can have different authentication methods (internal database, RADIUS, LDAP, AD, NT domain etc.)

At the network level, this professional router has a DHCP server / client, DHCP Relay, supports 802.1Q-based VLANs , allows you to configure the inter-vlan routing so that this router is able to interconnect VLANs that come from a managed switch, it also supports VLANs per port, it is able to handle multicast traffic with IGMP Proxy and also IGMP Snooping, it fully supports IPv6 networks and redundancy via a USB 3G / 4G dongle.

Regarding VPNs, it is capable of establishing a total of 75 VPN tunnels, 25 IPsec tunnels, 5 SSL VPN tunnels, 25 PPTP / L2TP tunnels, 10 GRE tunnels and 10 OpenVPN tunnels. The firmware supports 128-bit and 256-bit AES encryption, as it also supports encryption that is currently not considered secure, such as DES or 3DES. Of course, the firmware has IPsec with NAT, DPD, AH and ESP traversal.

According to D-Link, this professional router offers speed through the firewall of 750 Mbps, if we use a VPN with 3DES encryption, the performance is 50 Mbps, so if we use more robust encryption such as AES, the performance will be lower because it does not have hardware encryption acceleration. We will be able to perform a total of 20 simultaneous TCP sessions, with a maximum of 000 sessions per second, and the possibility of having up to 200 policies in the firewall.

We recommend that you visit the D-Link DSR-250N official website where you will find all the details of this equipment.

D-Link DSR-1000AC

This D-Link DSR-1000AC router is currently the top of the line from manufacturer D-Link. The main features at the hardware level of this professional router are the incorporation of two Gigabit Ethernet ports for the WAN Internet. Therefore, we will have a dual wired WAN with support for FTTH operators in Spain because we can configure the VLAN ID of each interface on the WAN. In addition, this router also has USB 2.0 ports, so one can use a 3G / 4G USB dongle to have a triple WAN and have the best possible redundancy so as not to end up without an Internet connection. This model also has a total of four Gigabit Ethernet ports for the local network and a RJ-45 console port to manage this professional router locally via CLI.

D-Link DSR-1000AC Dual Band WiFi Router 2 VPN Ports, 4 Gigabit WAN Ports, 3 Gigabit LAN Ports, Detachable Antennas

>
EUR

295.00

At the wireless level, this equipment is dual-band simultaneous with the AC1750 Wi-Fi, we can reach a speed of up to 450Mbps in the 2,4GHz band, and a speed of up to 1300Mbps in the 5GHz band thanks to the Wi-Fi. Fi 5 Ce The wireless network of the router is medium-high range, so we can achieve very high speeds over Wi-Fi, and not only that, but we can create different SSIDs and assign them to different VLANs, like s' it was a professional access point.

This router not only works as a VPN server / client, but works have as a router and a built-in firewall.. Concretely, it has exactly the same options as its little brother the DSR-250N, such as being able to configure WAN connections with static IP, dynamic (DHCP), PPPoE / L2TP / PPTP. The firmware will allow us to create multiple static routes, but this model also allows the use of dynamic interior gateway routing protocols such as RIP and OSPF, which the previous model could not do. Other features are the possibility of using dynamic DNS, it does NAT / PAT functions, it allows content to be filtered with a static URL or with keywords, it has an IPS based on signatures which are incorporated in the firmware, and you can have different authentication methods (internal database, RADIUS, LDAP, AD, NT domain etc.)

At the network level, this professional router has a DHCP server / client, DHCP Relay, supports 802.1Q-based VLANs , allows you to configure the inter-vlan routing to interconnect VLANs that come from a managed switch, supports VLANs per port, is able to handle multicast traffic with IGMP Proxy and also IGMP Snooping, it fully supports IPv6 networks and allows you to configure the load balancing between the two wired WANs, and even has a "route failover".

Regarding VPNs, it is capable of establishing a total of 155 VPN tunnels, 70 IPsec tunnels, 20 SSL VPN tunnels, 25 PPTP / L2TP tunnels, 20 GRE tunnels and 20 OpenVPN tunnels. The firmware supports 128-bit and 256-bit AES encryption, as it also supports encryption that is currently not considered secure, such as DES or 3DES. Of course, the firmware has IPsec with NAT, DPD, AH and ESP traversal.

According to D-Link, this professional router offers speed through the firewall of 950 Mbps, if we use a VPN with 3DES encryption, the performance is 250 Mbps, so if we use more robust encryption such as AES, the performance will be lower because it does not have hardware encryption acceleration. We will be able to perform a total of 100 simultaneous TCP sessions, with a maximum of 000 sessions per second, and the possibility of having up to 1000 policies in the firewall.

We recommend that you visit the D-Link DSR-1000AC official website where you will find all the details of this equipment.

In the following video, you can see in detail what these two professional routers with D-Link VPN look like, and you can also see their full configuration firmware:

HAS HIS

ASUS is one of the best home router manufacturers on the market, as it not only has top-of-the-line routers with the newest hardware on the market, but also truly comprehensive firmware with hundreds of configuration options. , ideal for "experienced users". maximum play to the team. A few years ago, the manufacturer launched a professional VPN router specifically geared towards small and medium-sized business environments, using the same Asuswrt firmware but with added vitamins, and it has even more built-in features.

ASUS BRT-AC828 Dual WAN VPN

The ASUS BRT-AC828 Dual WAN VPN Professional Router is a high-end device with really powerful hardware and firmware that has everything you need to use it in small and medium-sized businesses.

The main wireless features of this router are that it integrates simultaneous dual band with AC2600 Wi-Fi, it has a 2,4 GHz band capable of delivering a speed of up to 800 Mbps and in the 5 GHz band we can achieve a speeds up to 1 Mbps . This router has four external antennas in MIMO 4T4R configuration in the 2,4 GHz band, and four external antennas in MU-MIMO 4T4R configuration in the 5 GHz band, moreover, in this frequency band we can have 160 MHz channel width in 80 + 80 configuration. Of course, it also has Beamforming technology to focus the wireless signal on the clients and achieve maximum coverage and speed.

ASUS BRT-AC828 - AC2600 Dual WAN Router for Business (IPsec Server and Client, Local VLAN, Captive Portal, M.2 Sata Slot, Radius Server)


>
EUR

299,90

This ASUS BRT-AC828 professional router has 2 Gigabit Ethernet ports for Internet WAN , this means that we will have a dual WAN with load balancing and hardware acceleration, so that we can achieve a speed of up to 2 Gbps upload and 2 Gbps download, without limitations by the computer software. If you are using FTTH operators, the firmware allows you to configure the VLANs in the Internet WAN to be compatible. In addition, it has already implemented the Triple VLAN profile of Movistar FTTH. We also have 8 Gigabit Ethernet ports for LAN, supports link aggregation with 802.3ad standard and can link up to 2 ports, so we can create 4 groups of 2 ports to get up to 2Gbps Full Duplex. Of course, we have NAT acceleration to get the best internet speed possible.

This router has two high performance USB 3.0 ports , and Managing Director, a slot to connect an M.2 SATA3 type SSD , in this way we can install M.2 SATA3 SSD to use as file server. Firmware ASUSWRT has a Samba server and a highly configurable FTP server at the level of user permissions. We can also use USB 3.0 with 3G and 4G modems to use them as WAN Internet in case of main connection failure.

The ASUSWRT firmware available to the ASUS BRT-AC828 is very complete, in addition to having all the options typical of ASUS high-end routers for the home market (except DLNA media server and print server) , they incorporated some very interesting ones that we summarize below:

  • IPsec server and client with IKEv1 and IKEv2. Possibility to configure it in Roadwarrior and Site-to-Site mode. IPsec configurability is not very good, we don't have a lot of options, previous D-Links have a lot more options.
  • The highly configurable OpenVPN server, just like home routers, is the best in this regard.
  • VLAN in the local network, so we can easily segment the professional local network and use the 802.1Q standard, in addition, we can configure several DHCP servers, one for each VLAN created.
  • Creation of user groups with different authorizations, possibility of creating a captive portal in the guest Wi-Fi network, Facebook Wi-Fi and Free Wi-Fi.
  • Built-in RADIUS server for wi-fi client authentication, we configure it as WPA2-Enterprise and select the router itself as the server.

And all of this from the user interface itself, without the need to enter a command.

We recommend that you consult our analysis complete ASUS BRT-828AC Dual WAN VPN where you will find all the technical details, the actual performance of the equipment, but also each of the configuration possibilities.

NETGEAR

NETGEAR is another of the most prominent manufacturers in the small and medium business environment, both for L2 and L3 switching, and for professional Wi-Fi and VPN routers. Recently, the manufacturer NETGEAR launched its management in the NETGEAR Insight Cloud, a cloud platform that allows simple, fast and secure administration of all equipment on the professional network, and all this with a truly user-friendly graphical user interface.

Currently, NETGEAR has a VPN router compatible with NETGEAR Insight, the NETGEAR BR500, which allows us to create remote access VPNs and also site-to-site VPNs very easily and quickly, without needing to know IPsec, OpenVPN or other VPN. network protocols.

NETGEAR Insight BR500 Instant VPN Router

This professional router with VPN services is part of the NETGEAR Insight family for administration from the cloud, although we can also manage it locally. The main features of this router are that it has a Gigabit Ethernet port for Internet WAN , with taking en load VLANs in the WAN Internet and to be compatible with FTTH operators in Spain. It also has a total of four Gigabit Ethernet ports for the local network , with Hardware NAT for excellent wired performance. The CPU of this equipment is Dual-Core at 1.7GHz to have good performance in VPN traffic.

Netgear BR500-100EUS - Insight Instant VPN Router for Secure Remote Enterprise or Site-to-Site Connection


>

Consult

The most remarkable thing about this VPN router is its firmware, we will be able to configure different VLANs in the LAN to correctly segment the professional network, and we can even connect a switch in trunk mode to pass all the VLANs to it. In addition, we have the possibility of configure multiple DHCP servers, one for each VLAN that we create. This model also integrates an SPI firewall, detection and mitigation of DoS attacks, HTTP content filtering, possibility of using dynamic DNS, it does NAT / PAT functions so we will have port-forwaring, port-triggered and also DMZ, in addition to having a DNS proxy, UPnP, L3 QoS and full support for IPv6 networks.

Regarding the VPNs supported by this router, we have OpenVPN available with very basic configuration options . The most remarkable thing is that we have the VPN Insight , the strong point of this model, is that without needing to know about VPNs, we can configure remote access for PCs and also easily create site-to-site VPN tunnels. .

In the case of Remote access VPN with VPN Insight , we will be able to connect up to a maximum of 10 clients simultaneously. The typical remote access VPN configuration would be as follows:

In the case of Site-To-Site VPN with VPN Insight , we will be able to connect up to a maximum of 3 sites simultaneously. The typical site-to-site VPN configuration would be as follows:

This NETGEAR Insight Instant VPN Router BR500 professional router can be managed via the web in a comprehensive setup menu, and we will also be able to configure a large number of settings through the NETGEAR Insight app. If we use this professional VPN router with switches and Wi-Fi access points compatible with NETGEAR Insight, we will have centralized management where we can set up quite complex network architectures with a simple setup wizard, because we can configure everything from the application or the Cloud platform via the manufacturer's site.

We recommend that you consult our analysis complete NETGEAR Insight BR500 Instant VPN Router where you will find all the technical details, the actual performance of the equipment, as well as each of the configuration possibilities.

Although in this article we have not covered all the existing router manufacturers, we have integrated the most relevant in Spain. Other manufacturers such as Mikrotik, Ubiquiti, TP-Link and others, integrate both IPsec and OpenVPN to configure remote access VPN configurations and also Site-to-Site VPN, but in RedesZone we don't have not yet had the opportunity to see the options in detail .configuration and its operation.

0 885 11 minutes of reading

Similar items

Photo of Google Correlate; What is it, what is it for and how does it work?

Google Correlate; What is it, what is it for and how does it work?

December 31, 2020
Photo of Free Online Scan of Internet Ports and Hosts with BinaryEdge

Free online scan of internet ports and hosts with BinaryEdge

June 22, 2021
Photo of Xlight FTP Server: Configuration of this FTP and SFTP server for Windows

Xlight FTP server: Configuration of this FTP and SFTP server for Windows

June 22, 2021
Photo of How to create an account or register on Badoo

How to create an account or register on Badoo

June 15, 2021

Leave your comment

Your email address will not be published. Required fields are marked with *

WhatsApp
Button back to top