recommendation for small office IP proxy

nonagonal

Feb 22, 2017
I'm managing IT for a small office (~20 people) in Colorado. We have another 80 or so people who work remotely. I'm wondering if there's a simple way to allow those 80 people to use IP addresses from the small office.

The small office gets internet via a local ISP and it has a few routers etc (nothing fancy). I'm trying to figure out how to let the remote workers use IPs from the small office when they interact with the internet using their web browsers.

At a previous job we had a SonicWALL VPN that was fairly easy (but not trivial) to set up. It allowed us to create accounts for ~10 people, and I think (but I'm not sure) when we VPN'd in then we'd appear to the outside world to have IPs from our office location.

That feels like overkill in this case since we don't need any of the other VPN functionality. I'm just not sure how to set this up. I'm favoring some kind of hardware device to do it rather than trying to set up a computer & software to do this in the office.

Any advice would be most appreciated! Apologies in advance for any mistakes in terminology above. I manage IT for this company on the side, sometimes rather poorly :).

Regards,
Jeremy
 
Like most things, you pay for easy to use. There are other things that are not SonicWALL, but in effect they are all VPN appliances. Some are outrageously costly, like the ones from Cisco or Juniper... then again, these are some of the few where you do not have to load anything at all on the clients.

You can do it free if you are willing to load a Linux firewall image that has VPN support. Of course, then you trade your cost savings for your time setting up and maintaining it.
 
It's one thing to use VPN to allow the remote workers to access resources at the office, but why do they need an IP from the office to browse the internet?
Is there a specific web-based application they must access from one of your IPs, or is it simply a matter of using a proxy for "security" of the remote worker?
 


It's actually a web application that we control which they need to access. Things will be much simpler for us if everyone is accessing this web application from the same group of IP addresses. So we'd like everyone to show up using the IP addresses provided by the small office's ISP.
 
OK, so basically you have an offsite web application and you wish to have an added layer of security with IP filters.
So yeah, VPN is your best option.

Frankly, having two-factor authentication or a shared secret key required for the connection would be more effective than an IP filter for your web application.
There are certainly enough inexpensive products to run a reliable VPN server (can't go wrong with the Ubiquiti edgelite router when you consider its feature list for the $100 price point).
But when you factor in needing to set up all the laptops, user training (and most not understanding what the VPN is doing), and because you need the remote users to access the web through your office, that means ALL their internet traffic has to go through your system, so unless you have a 100mbit upload or better this can really tie up your network for that many remote users.
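
The comparison made in the answer above (a shared secret on the connection versus an IP filter alone), sketched as an added example that is not part of the original thread. The address block, secret, user name and function names are constructed placeholders; the check uses the TCP peer address for the allowlist and an HMAC over the user name and a timestamp for the shared secret.

```python
import hashlib
import hmac
import ipaddress
import time
from typing import Optional

# Constructed sample values: a documentation-range block standing in for the
# office's ISP-assigned addresses, and a placeholder shared secret.
OFFICE_NETS = [ipaddress.ip_network("203.0.113.0/28")]
SHARED_SECRET = b"replace-with-a-long-random-secret"
MAX_SKEW = 300  # seconds a signed request stays valid


def from_office(peer_ip: str) -> bool:
    """Allowlist check on the TCP peer address, never a client-sent header."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in OFFICE_NETS)


def sign(user: str, ts: int, secret: bytes = SHARED_SECRET) -> str:
    """Client side: MAC over the user name and a timestamp."""
    msg = f"{user}|{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def valid_signature(user: str, ts: int, mac: str, now: int) -> bool:
    """Server side: reject stale timestamps, then compare in constant time."""
    if abs(now - ts) > MAX_SKEW:
        return False
    return hmac.compare_digest(sign(user, ts).encode(), mac.encode())


def authorize(peer_ip: str, user: str, ts: int, mac: str,
              now: Optional[int] = None) -> str:
    """Return 'allow' or the reason for denial; the secret is checked first."""
    now = int(time.time()) if now is None else now
    if not valid_signature(user, ts, mac, now):
        return "deny: bad or stale signature"
    if not from_office(peer_ip):
        return "deny: source not in office range"
    return "allow"
```

With both checks in place, a request from an office address without the secret is refused, which the IP filter alone would have allowed.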
 


Gotcha, thanks for the suggestion! I just wanted to make sure a VPN makes sense for me. We actually don't care about many of the VPN features, we really just want to make sure our remote workers have the same IP address as our local workers.

If we have 80 people simultaneously using the VPN do you think a box like that can handle it? I think we do have enough bandwidth from our local ISP but I wasn't sure how to find things like user limits for the VPN on a box like this.

Thanks!
Jeremy
 
How many simultaneous users? 80 would be beyond the scope of an edgelite router. For that load you would really want some higher-end commercial equipment.

Again though, this is going to add a lot of stress onto your network.
You will now have all of those remote users routing ALL of their internet traffic through your network. If you don't have 100mbps upload speed or better on your network, this is going to really bog you down.
Not to mention the amount of user training and configuration to initiate a VPN connection to the office for the sake of logging into an offsite web application with a limited number of IPs. There are better security measures you can take than IP filtering.
 


Yes unfortunately the requirement is for some large percentage of the 80 users to be using the VPN simultaneously. Our web application is a long (and fairly boring story) - unfortunately I'm stuck with the IP filtering requirement for now as well.

 


Good question, I'm looking into that now. Either way - it'll be fast enough, or my next project will be setting up a higher-bandwidth internet connection :).
 


Hopefully your Colorado office is near Denver.
So many places in the country can't get much for internet bandwidth. Where I live you can get 60mbps down/6 up for residential, but the most a business can get is 20 down and 2 up; that is barely usable for 1 VPN user for remote desktop usage.
 


Indeed this could all fail miserably :) but at least the next steps are clear. Thank you for your help!