Hey guys, I'm currently looking into changing the routers the company I work for uses for site-to-site VPN tunnels to our clients. We are a Cisco shop, but ASAs for all of the clients are not feasible. Currently we are using the Netopia N910. They work OK for the most part, but we are hoping to find a decent router in the 150-300 dollar range that supports multiple VPN tunnels (less than 5), SSH administration (we are running into a lot of the clients needing to close telnet for PCI compliance), NAT, and PAT. Preference for devices without built-in Wi-Fi. Has anyone been in a similar situation and can suggest a couple of their explored options? Thanks for your time everybody!
Sounds like you could be looking for something like the SonicWall TZ 100, which is a firewall router that I've recommended before on here to several others, and I've installed and set up several small businesses locally with them as well. These are great devices, low cost, and have all the features you are looking for, I believe. What's great is how easily SonicWall firewalls can be configured into site-to-site VPN tunnels. You don't even need static IP addresses on both sides of the tunnel, only on one end. The SonicWall firewalls also come in a pretty good range of capabilities, so if you have one office that is larger or has greater networking demands than the others, you can always get a slightly more robust model and everything still works the same all together.
It's going to depend on how many sites you have and if you need any-to-any connectivity or if you can live with a hub-and-spoke design.
One reason people use Cisco is its ability to run DMVPN. You can buy small Cisco routers instead of ASAs, but they still are not what you can call cheap.
A couple of examples of why you need to use DMVPN.
You have any-to-any traffic flow and your remote sites have dynamic IP addresses. This means every time an IP changes you have to touch every router to configure the tunnels. With DMVPN you only need 1 location with a fixed address. The routers will build the tunnels on the fly with no intervention.
You have a large number of sites. Even 10 means almost 100 tunnels to maintain. This also means that you are using resources in the router even if no traffic is flowing between the sites. DMVPN will only create the tunnels between the sites when there is traffic going to use it.
Cisco is one of the very few vendors that can solve problems like this and is part of the reason you pay so much for their product.