• Status: Solved
  • Priority: Medium
  • Security: Public

How do you set up a reliable VPN?

I want to build a reliable VPN for a small company and I want ideas on how to create a reliable, foolproof VPN.
1 Solution
wuui (Author) commented:
All your ideas are welcome.
Are you looking to set up a permanent VPN between two corporate networks or between users and a network?
You need a secure VPN terminator. It also depends on the method of connecting to the internet.

My suggestion is a Cisco 837 DSL Router with VPN support. It supports site-to-site VPN as well as user-to-site VPN.

If, however, you are connecting to the net through a method other than DSL, you can still use this to terminate the VPN. Just forward the VPN ports through your firewall or router.

Hope this helps :)
One simple setup is to just install Windows 2000 Server on your outside internet point. The built-in Routing and Remote Access allows for VPN connectivity (pretty easy to set up).

However, if you are looking for a little more security, you might install ISA Server (Internet Security and Acceleration Server). This will provide full firewall capabilities as well as secure VPN access to your internal network.

Doesn't require the programming of a Cisco router (although a very good choice). One downside to using a Cisco router on MS networks is the outdated OS software that has all kinds of complications with NAT and IPSEC. It actually requires two sets of VPN connections (Cisco VPN and MS VPN) to use theories such as DMZ.

The best VPN I've played with has been with a Cisco 3005 VPN Concentrator.  Rock-solid, secure and relatively easy to configure.  Here's what I used...


Mind you, it's $3k though.

How many people will be connecting?

Many other companies make smaller VPN devices that cost less.  Linksys, 3com, netgear and others build "Cable/DSL" DSL routers that have VPN built-in.

Personally, I'd stick with a dedicated piece of hardware for your VPN connectivity.  If the only thing it can do is VPN, then it's easier to keep all the holes nailed shut.

I run a wide area network for 40 sites, over 4 states. There is a great, rock solid way to do what you want to do.

Don't cheap out, you WILL be sorry.

Buy 2 Cisco 1710 routers, 800.00 each. Get DSL with static IP addresses at both locations.

On the HQ router, set up the internal interface to the internal network, and the external interface to the internet.

Email me for a sample.

On the branch router, do the same.

Now you can create a tunnel interface on both routers to point to the opposite end. Then, you route traffic from one network to the other through the tunnel.

You can create an always-on VPN tunnel using the built-in tunnel feature with this model router.

I have done this about 19 times. I am leaving Monday to go to Vegas to do it to two more sites.

If you are fairly adept at networking, it is not hard.
I could send you some sample config files. I'll even do it for you pretty cheap.

If you're interested, email me --> paul@qso.com

The upside of this method is that once set up, it will run forever, like there is a 500 mile network cable between the offices.
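
The tunnel procedure described in the post above, as an added Cisco IOS example that is not part of the original thread and is not the poster's own configuration. A plain tunnel interface does not encrypt traffic, so this sketch attaches an IPsec profile to it. It assumes an IOS image with the IPsec feature set that accepts these commands; every address, name and key is a constructed placeholder.

```cisco
! Added example: constructed addresses, names and key (not from the thread).
! Assumed: HQ LAN 10.1.0.0/24, WAN 192.0.2.1; branch LAN 10.2.0.0/24, WAN 198.51.100.1
!
! ---------- HQ router ----------
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 198.51.100.1
!
crypto ipsec transform-set TS-SITE esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile PROF-SITE
 set transform-set TS-SITE
!
interface Tunnel0
 description Encrypted tunnel to branch
 ip address 172.16.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile PROF-SITE
!
! Send branch-LAN traffic through the tunnel
ip route 10.2.0.0 255.255.255.0 Tunnel0
!
! ---------- Branch router (mirror image) ----------
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 192.0.2.1
!
crypto ipsec transform-set TS-SITE esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile PROF-SITE
 set transform-set TS-SITE
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 192.0.2.1
 tunnel protection ipsec profile PROF-SITE
!
ip route 10.1.0.0 255.255.255.0 Tunnel0
!
! Verify on either side: show crypto isakmp sa / show crypto ipsec sa
! The encaps/decaps counters should rise while pinging across the tunnel.
```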

I tend to disagree with the other posts here but that really depends on the size of the company you are working with, the internet use and traffic, the incoming connections for internet.

#1, if the incoming connection is or is planned to be a T1 or faster, your client will eventually be required to buy a router.

#2, security should be your primary concern.  Industry standard is to install two alternating brands of a firewall between your incoming internet connection and your external connection point.  This is recommended, but again, if this is a small company not looking to spend too much money you could run the connection straight to the firewall (my suggestion was ISA - software based).

I would be happy to provide more details but it is important to know the path the company may be headed.

This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
