Re: Multipoint VPN access, but secure - SonicWALL? Other hardware?

From: got a dell (
Date: 08/28/02

From: " got a dell" <>
Date: Tue, 27 Aug 2002 23:31:10 GMT

Seems to me that using PCAnywhere at EVERY client computer at EVERY site
would get a little expensive, wouldn't it?

"David Bodhi" <> wrote in message
> We have various clients currently using SonicWALL security appliances.
> Our goal is to set up a VPN or VPNs that allow our technicians, at any
> VPN site, access to any other client network for maintainance. The
> access we want is not just to the SonicWALL, but also to the computers
> on the internal network at each site, using PCanywhere.
> We're told by SonicWALL tech support that, by using the built-in Group
> VPN and configuring each client site to be part of that group, that
> the different "branches" of the VPN would not be able to see each
> other's computers when browsing their Network Neighborhood, but, by
> enabling the PCanywhere filter, we'd be able to connect to them as
> long as we know the internal IP address of the machine we're after.
> The SonicWALL security settings are pretty good and we can set the
> security at maximum, so, presumably, sites would still be well
> protected from outsiders.
> A few questions still exist:
> *Is* Group VPN the best way to approach this issue?
> Since many of our clients are using cable or DSL connections where the
> WAN IP address of the SonicWALL *might* change, we're looking for a
> way to make the VPN configuration more permanent. SonicWALL tells us
> that the unique identifying name of the specific appliance is not
> available to use to set up the VPN.
> Does anyway know of a way to ensure the VPN connection, even with DHCP
> providing the IP addresses? Other hardware besides the SonicWALL?
> Would we be better off, security-wise, enabling and disabling a VPN on
> the fly, when maintainance is needed, rather than leaving the
> PCanywhere access open? Again, here we run into the potential problem
> of IP addresses changing.
> Presumably a contact person at a customer site could check the WAN IP
> address of their SonicWALL, if that changes, but we'd like something
> less dependent on human beings, if possible.
> Does anyone have any suggestions?