Re: [fw-wiz] VPN suggestions wanted

I'd be interested in the redacted configs for my own learning
experience - if I may?

On 9/17/07, Josh Ward <jward@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
tandernam wrote:
I'm doing some work with a small company (about a dozen employees)
that needs to make their remote access more reliable. I'm looking to
set up a (new) VPN for them (the old one is a hack job). I'm looking
for suggestions on a solution, something fairly simple to set up that
I can just plug between their intranet and the interweb. Reliability
is key. I'm mostly looking for a hardware solution (just because I
think it would be easier to set up and more reliable), but I'd be very
interested to hear from anyone who is running a good small-scale
(please don't start talking about radius servers...) software gateway.
They're currently running NAT off their soho modem/router on a DSL.
Suggestions and recommendations would be most appreciated.

I have used Cisco 851 routers for deployments like this and they work
*great*. I actually have something very similar to what you are
describing at my house using an 851-wireless.

The c851 is a full-blown IOS router (ok, not full blown, but all of the
features that you care about for a small deployment). The 851 has a
hardware crypto processor and the "ezvpn" stuff is really simple to set
up and deploy. These boxes will act as a VPN concentrator (Cisco
PC/MAC/Linux client) or as an EzVPN NEM (Network Extension Mode)
concentrator. This means that if your client ever brings up a second
office, tying the two together is dead simple. The software support on
the Cisco client is pretty good as well. It's easier to set up than the
Juniper client and more full featured than SSL VPN clients.

You can get 851's for ~$300 (plus $20/year maintenance), which makes
them pretty affordable for someone looking for SOHO+ equipment.

If you decide to go this route and you aren't Cisco savvy, feel free to
e-mail me and I'll share some redacted configs with you to help.


Josh Ward <jward@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Network Security Engineer - Network Services
University of Oregon
firewall-wizards mailing list
