Good Evening Everyone ......

I'm starting this post / thread, to hopefully get some information from both dmorris and sky-knight. The reason I didn't PM them, is that of course I want any input, suggestions, thoughts, and ideas from anyone that wants to chime in, but at this point with my n00b Untangle knowledge, dmorris and sky-knight have given me some really, really good information and advice.

I'll try to keep this as brief as possible, though of course I'll be giving detailed information and scenarios / examples to describe what I'm looking for, and if Untangle would work well for this. And by saying "work well" I don't mean "oh, it works, but not very well ............."

Here's the current info, with no details per se, because I don't think they'll be needed.

Currently I have a site to site IPsec VPN with my company's main site, and our remote site some 4 miles away which consists of a small office area, large butt warehouse for housing product, and a total of 3 employees there.

Remote site information:
3 - I.P. extensions | 3 - workstations.
1.5 Internet T-1 coming into site.
Main connection method; RDP from Win7 (32bit) stations to a 2008 (32bit) Terminal Server for all file, application, and printing functions (redirected) through the current IPsec VPN Tunnel. So really, only keyboard, video, and mouse signals are being passed, plus printing, and then occasional I.P. voice traffic, but really, not much at all.
ASA-5505 at the remote site handling the site to site tunnel, and acting as the DHCP server.
Traffic is split - if the local workstation at the remote site goes out to the internet, their route goes out via the circuit provider's network, and doesn't travel down the tunnel, to go "out the door".

Main site information regarding VPN setup.
An ASA-5505 on the main site side, with bonded circuits that are dynamic for load balancing voice traffic (split at the adtran to go to my phone switch, AND, the ASA) and data traffic from; site to site VPN with remote site, and 3 client based VPN "profiles" for 3 developer consultants working on some projects. Their load is not intensive at all. I've monitored their connections, and they are not pushing heavy amounts of data through their VPN connections.

I'm thinking of using Untangle for the site to site tunnel, hence this post.
I already know I can create OpenVPN packages for the consultants for them to gain access to my network.

My overall goal is to essentially strip all "data" traffic from my bonded circuits from Provider 01 and have the bonded circuits primarily there for "voice" traffic.

Other Main Site Information:
I have two gateways for redundancy. Primary gateway, is my main site Untangle box. Its external interface goes into a Comcast SMC router / modem (it's a 50 meg pipe) and as stated, the main GW for workstations, servers, etc. Comcast is Provider 02. The second (backup) GW, from Provider 01, are the bonded internet T-1s that I want to use for primarily voice traffic as I said, but if for some reason the Comcast circuit goes down, I can roll over to that circuit.

Misc. Information:
I'm more of a router person than a VPN person ....... so there you have it.

I've found Untangle to be more "friendly" with setting up remote VPN connections than waddling through the ASA - though on a side note, I've learned a great deal with setting up and working with an ASA ..... LOL .....

Because of the remote client VPNs I have using Untangle, I'm assuming the same would hold true for a site to site VPN with.



The point of this post:
I'm thinking about dropping the ASA based site to site VPN and going with Untangle for that. The reason I'm thinking about this is twofold;
01 - as stated I want to get as much "data" traffic off my bonded T-1s
02 - as stated, I really prefer working with Untangle over my ASA-5505s
03 - I can keep the remote site ASA as a spare, if something happens to the main one.
04 - I'm in the process ( this weekend in fact ) of completely changing the I.P. schema of my main network and the remote network, so I thought this may be the best time to change over to Untangle. Also because of the I.P. schema change, I have to change / reconfigure the inside interface of my ASA.

So .......

In anyone's opinion, would a site to site Untangle VPN work as well as an ASA based site to site VPN? As stated the remote site consists of 3 users, and it's all RDP traffic, some print traffic, and little VOIP traffic.

Besides the fact I like working with Untangle, if I use Untangle at the remote site, I can point it to the Untangle system at the main site, which is on the fat Comcast business class circuit - and there would be compatibility (one would think - or at least highly probable compatibility) due to an Untangle to Untangle / site to site VPN over an ASA to Untangle site to site IPsec VPN.

Also, obviously the Untangle box at the remote site can be the DHCP server, etc .....

So - dmorris and / or sky-knight - your thoughts? Do you guys, or anyone else, see a problem(s) or potential pitfalls with going with an Untangle site to site VPN?

I'm going to start reading up more on Untangle's wiki, and any of their other sites that have documentation. I've already read a little at this point regarding the capabilities Untangle has for doing a UT 2 UT site to site connection.

As usual, any information, ideas, thoughts, and / or suggestions would be greatly appreciated.

Thanks a bunch, and take care everyone .....

G.