How do you set up a reliable VPN?

Posted on 2003-03-13
Medium Priority
Last Modified: 2008-03-04
I want to build a reliable VPN for a small company and I want ideas on how to create a reliable, foolproof VPN.
Question by: wuui

Author Comment

ID: 8132431
All your ideas are welcome.

Expert Comment

ID: 8132741
Are you looking to set up a permanent VPN between two corporate networks or between users and a network?

Expert Comment

ID: 8132743
You need a secure VPN terminator.  It also depends on the method of connecting to the internet.

My suggestion is a Cisco 837 DSL Router with VPN support.  It supports site-to-site VPN as well as user-to-site VPN.

If, however, you are connecting to the net through a method other than DSL, you can still use this to terminate VPN. Just forward the VPN ports through your firewall or router.

Hope this helps :)


Expert Comment

ID: 8132796
One simple setup is to just install Windows 2000 Server on your outside internet point.  Built-in Routing and Remote Access allows for VPN connectivity (pretty easy to set up).

However, if you are looking for a little more security, you might install ISA Server (Internet Security and Acceleration Server).  This will provide full firewall capabilities as well as secure VPN access to your internal network.

Doesn't require the programming of a Cisco router (although a very good choice).  One downside to using a Cisco router on MS networks is the outdated OS software that has all kinds of complications with NAT and IPSEC.  It actually requires two sets of VPN connections (CISCO VPN and MS VPN) to use theories such as DMZ.


Expert Comment

ID: 8133700
The best VPN I've played with has been with a Cisco 3005 VPN Concentrator.  Rock-solid, secure and relatively easy to configure.  Here's what I used...


Mind you, it's $3k though.

How many people will be connecting?

Many other companies make smaller VPN devices that cost less.  Linksys, 3com, netgear and others build "Cable/DSL" DSL routers that have VPN built-in.

Personally, I'd stick with a dedicated piece of hardware for your VPN connectivity.  If the only thing it can do is VPN, then it's easier to keep all the holes nailed shut.


Accepted Solution

MCSE-2002 earned 200 total points
ID: 8141119
I run a wide area network for 40 sites, over 4 states. There is a great, rock solid way to do what you want to do.

Don't cheap out, you WILL be sorry.

Buy 2 Cisco 1710 routers, 800.00 each. Get DSL with static IP addresses at both locations.

On HQ router, set up internal interface to internal network, and external interface to internet.

Email me for a sample.

On branch router do the same.

Now you can create a tunnel interface on both routers to point to the opposite end. Then, you route traffic from one network to the other through the tunnel.

You can create an always-on VPN tunnel using the built-in tunnel feature with this model router.

I have done this about 19 times. I am leaving Monday to go to Vegas to do it to two more sites.

If you are fairly adept at networking, it is not hard.
I could send you some sample config files. I'll even do it for you pretty cheap.  

If you're interested, email me --> paul@qso.com

The upside of this method is that once set up, it will run forever, like there is a 500 mile network cable between the offices.
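
The tunnel setup described in the accepted answer above, written out as an added example; it is not part of the original post and not the poster's own configuration. The answer does not name the tunnel type or say how the tunnel is encrypted, so this sketch assumes a GRE tunnel interface protected by an IPsec profile on an IOS image with the crypto feature set. All addresses are constructed (documentation ranges for the public IPs, 192.168.1.0/24 at HQ, 192.168.2.0/24 at the branch), and the profile names and key are placeholders.

```cisco
! ===== HQ router (constructed example; public IP 203.0.113.2) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key: use a long random value, identical on both routers
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 198.51.100.2
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile SITE-TO-SITE
 set transform-set TS-AES
!
interface Tunnel0
 description Always-on tunnel to branch
 ip address 10.255.0.1 255.255.255.252
 tunnel source 203.0.113.2
 tunnel destination 198.51.100.2
 ! Without this line the tunnel carries traffic unencrypted
 tunnel protection ipsec profile SITE-TO-SITE
!
! Route the branch LAN through the tunnel
ip route 192.168.2.0 255.255.255.0 Tunnel0
!
! ===== Branch router (constructed example; public IP 198.51.100.2) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 203.0.113.2
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile SITE-TO-SITE
 set transform-set TS-AES
!
interface Tunnel0
 description Always-on tunnel to HQ
 ip address 10.255.0.2 255.255.255.252
 tunnel source 198.51.100.2
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile SITE-TO-SITE
!
! Route the HQ LAN through the tunnel
ip route 192.168.1.0 255.255.255.0 Tunnel0
```

On either router, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the peers have negotiated and that tunnel packets are being encrypted.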

Expert Comment

ID: 8141460

I tend to disagree with the other posts here but that really depends on the size of the company you are working with, the internet use and traffic, the incoming connections for internet.

#1, if the incoming connection is or is planned to be a T1 or faster, your client will eventually be required to buy a router.

#2, security should be your primary concern.  Industry standard is to install two alternating brands of a firewall between your incoming internet connection and your external connection point.  This is recommended, but again, if this is a small company not looking to spend too much money you could run the connection straight to the firewall (my suggestion was ISA - software based).

I would be happy to provide more details but it is important to know the path the company may be headed.


Expert Comment

ID: 9153119
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Question has a verified solution.
