wuui
asked on
How do you setup a reliable VPN?
I want to build a reliable VPN for a small company and i want ideas on how to create a reliable full proof VPN.
Hey,
A you looking to setup a perminant VPN between two corporate networks or between users and a network?
A you looking to setup a perminant VPN between two corporate networks or between users and a network?
you need a secure vpn terminator. it also depends on the method of connecting to the internet.
My suggestion is a Cisco 837 DSL Router with vpn support. it supports site to site vpn as well as user to site vpn.
If however you are connecting to the net through another method other than dsl you can still use this to terminate vpn. just forward the vpn ports through your firewall or router.
hope this helps :)
My suggestion is a Cisco 837 DSL Router with vpn support. it supports site to site vpn as well as user to site vpn.
If however you are connecting to the net through another method other than dsl you can still use this to terminate vpn. just forward the vpn ports through your firewall or router.
hope this helps :)
One simple setup is to just install Windows 2000 server on your outside internet point. Built-in Routing and Remoting Access allows for VPN connectivity (pretty easy to setup).
However, if you are looking for a little more security, you might install ISA server (Internet Security and Acceleration server. This will provide full firewall capabilities as well as secure VPN access to your internal network.
Doesn't require the programming of a Cisco router (altough a very good choice). One downside to using a Cisco router on MS networks is the outdated OS software that has all kinds of complications with NAT and IPSEC. It actually requires two sets of VPN connections (CISCO VPN and MS VPN) to use theories such as DMZ.
-rca
However, if you are looking for a little more security, you might install ISA server (Internet Security and Acceleration server. This will provide full firewall capabilities as well as secure VPN access to your internal network.
Doesn't require the programming of a Cisco router (altough a very good choice). One downside to using a Cisco router on MS networks is the outdated OS software that has all kinds of complications with NAT and IPSEC. It actually requires two sets of VPN connections (CISCO VPN and MS VPN) to use theories such as DMZ.
-rca
The best VPN I've played with has been with a Cisco 3005 VPN Concentrator. Rock-solid, secure and relatively easy to configure. Here's what I used...
http://products.insight.com/product/Presentation/index.vm?product_id=CIS410985
Mind you, it's $3k though.
How many people will be connecting?
Many other companies make smaller VPN devices that cost less. Linksys, 3com, netgear and others build "Cable/DSL" DSL routers that have VPN built-in.
Personally, I'd stick with a dedicated piece of hardware for your VPN connectivity. If the only thing it can do is VPN, then it's easier to keep all the holes nailed shut.
Buster
http://products.insight.com/product/Presentation/index.vm?product_id=CIS410985
Mind you, it's $3k though.
How many people will be connecting?
Many other companies make smaller VPN devices that cost less. Linksys, 3com, netgear and others build "Cable/DSL" DSL routers that have VPN built-in.
Personally, I'd stick with a dedicated piece of hardware for your VPN connectivity. If the only thing it can do is VPN, then it's easier to keep all the holes nailed shut.
Buster
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
wuui,
I tend to disagree with the other posts here but that really depends on the size of the company you are working with, the internet use and traffic, the incoming connections for internet.
#1, if the incoming connection is or is planned to be a T1 or faster, your client will eventually be required to buy a router.
#2, security should be your primary concern. Industry standard is to install two alternating brands of a firewall between your incoming internet connection and you r external connection point. This is recommended, but again, if this is a small company not looking to spend too much money you could run the connection straight to the firewall (my suggestion was ISA - software based).
I would be happy to provide more details but is important to know the path the company may be headed.
-rca
I tend to disagree with the other posts here but that really depends on the size of the company you are working with, the internet use and traffic, the incoming connections for internet.
#1, if the incoming connection is or is planned to be a T1 or faster, your client will eventually be required to buy a router.
#2, security should be your primary concern. Industry standard is to install two alternating brands of a firewall between your incoming internet connection and you r external connection point. This is recommended, but again, if this is a small company not looking to spend too much money you could run the connection straight to the firewall (my suggestion was ISA - software based).
I would be happy to provide more details but is important to know the path the company may be headed.
-rca
wuui:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
ASKER