thepner
asked on
VPN Recommendation
I am looking for a recommendation for a VPN/Firewall that would currently be used on a limited basis. Our need for VPN is currently very basic. Our office has one remote employee that needs access to the network to update a database on the webserver from time to time. Also a few times a month, there is someone outside of the office that may need access while on a remote project for a few days, which we would set up as a VPN from their computer to our VPN/Firewall.
What VPN/Firewall solutions would you recommend for this situation? I know a lot of people on EE are deeply committed to the PIX for this, but it seems that the PIX 501 and PIX 506E are overkill for this application.
BUT, the possibility is there for us to use VoIP in the future, which would connect 1-4 small branch offices (4 to 6 handsets each) to our HQ. A majority of those branch calls will be through their local PSTN. I assume that because of the use of VoIP we would need a better solution than a $300 VPN router that could handle the QoS required for a number of concurrent VoIP connections. These would be set up as a hardware VPN/Firewall to VPN/Firewall. Would your recommendation change for this scenario?
For basic VPN the PIX or RV042 will work great.
For VoIP it becomes a little more complicated. You can run the VoIP traffic over the existing connection but you would need a router at both ends to prioritise the traffic. You could use the router and get the firewall feature set and configure VPN on the router but it would not be ideal.
Personally I would use a PIX firewall and get a 2nd internet connection (DSL for example) and dedicate that for the VoIP connection, which will avoid any QoS issues.
Ideally you would have a PIX firewall as it supports the SIP protocol and avoids any problems with it operating over NAT.
https://www.juniper.net/products/integrated/
I recommend Netscreen's
Here's a spec sheet for their 5GT
http://www.juniper.net/products/integrated/dsheet/110034.pdf
ASKER
So it again seems that Cisco is the right hardware for the job. I can see this on the site to site application between branch offices, but what would be a cheaper solution for the remote home user with one user?
What are the main differences between Cisco's PIX routers?
1) 501 / 10 users or 50 users
3) 506E / ? users
How are these user limits defined? Am I correct in assuming that I need a 501-50 for the Host office (16 computers) and 501-10 for the client office (6-10 company computers)? How will the 501-10 react when someone accesses the internet with their personal laptop and is the 11th computer? Is this 10 user limit on the concurrent connection or are they saved to the MAC address and reset at some interval?
What would be the reason to upgrade from a 501 to a 506E?
The 501 is the base unit and only has a 10 Mbps Ethernet interface. It comes with different licenses. For example, if you have a 10 user license the first 10 machines (IP addresses) it sees on the internal network get access to the internet and any others are denied.
The 506E and above are all unlimited users and differ according to their processing power and hence bandwidth and number of VPN users they can accommodate. If you have a fast internet connection or more than a few active VPN sessions then you should go for the 506E instead.
ASKER
jabill, sorry didn't see your comment earlier. I ran a pricing comparison between the Juniper Netscreens (5GT) and the Cisco PIX 501 and they all seem to be more expensive. I believe this is a fair comparison since both allow a max of 10 VPN tunnels.
PIX (unlimited users) $560 - Netscreen 5GT (unlimited users) $700
In your opinion, what makes the Netscreen a better value over the PIX? From what I read, people really like the Administration GUI
This might help, in your decision making
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf
ASKER
Thanks Jim,
Your extra information was really helpful. I can see that both the PIX and NS fit our needs. It sounds like a bit of preference since our VPN speed is bottlenecked by our T1 connection anyway. I will keep both in mind as options for our upgrade. Thanks again.
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1123638171618&pagename=Linksys%2FCommon%2FVisitorWrapper
For the record they have a compatible wireless unit, the WRV54G. VPN seems to work great but unable to get VoIP phones to work with it (using wired ports).