which way to go on network appliances?

Hello all,

I need to set up a 24/7 VPN connection between 6 users in LA and my main office (30m users). I am looking at appliances like WatchGuard Firebox X, Check Point Safe@Office, Cisco PIX, Nortel Contivity and SonicWall TZ170. I like the idea of VPN/firewall in one appliance. I am sick of seeing the old PC running a Linux IPCop distro that has been acting strange lately. I am looking for ideas on what is the best way to go to secure both locations and offer VPN connectivity, and not give my boss a heart attack when he sees how much it costs.

bklynbound01 Asked:
 
neteducation Commented:
I personally would go for the TZ170... as I like the VPN client of SonicWall much more than the PPTP of Windows....

However, $70 is quite a good price... well, I'd still do it by myself, but that's just personal preference.
0
 
NetoMeter Screencasts Commented:
Hi!
Do you need full mesh or just connectivity to the central site?
If you have just a single user at each remote location that needs access only to the central office, then a PIX at the central office and the Cisco VPN client for the remote users should be enough.

NetoMeter
0
 
neteducation Commented:
I personally like the SonicWall for both price and ease of configuration. However, Cisco is much more flexible in what you can do.
0

 
bklynbound01 (Author) Commented:
I have 6 users in LA. I would need a site-to-site VPN so these users can access client work on the main file server at the main office. The LA office will grow and they will have users that will need access from remote locations. The PIX 501 only comes with 10 VPN tunnels and that may not be enough.

Someone also said that the PIX client connections are not very clean and he doesn't think you can use a username/password or even a RADIUS server (that hits your AD domain).
0
 
lrmoore Commented:
>The pix 501 only comes with 10 vpn tunnels and that may not be enough.  
You can get a 506e instead for not much more.

>Someone also said that the pix client connections are not very clean and he doesn't think you can use a username/password or even a radius server (that hits  your AD domain).
Absolute RUBBISH! I've set this up for many clients, as well as myself.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
0
 
bklynbound01 (Author) Commented:
The PIX seems complicated. I am not that knowledgeable on Cisco router-ese.
0
 
neteducation Commented:
Well, then you're probably best off using the SonicWall, even though I don't know WatchGuard myself.
0
 
bklynbound01 (Author) Commented:
Can the SonicWall handle:
port forwarding?
Can I set up a DMZ?
Site-to-site VPN?
What model do you recommend?
0
 
neteducation Commented:
> Can the sonicwall handle
> port forwarding?

Yes, but you need the enhanced OS (which I recommend anyway... the standard OS firewall has really few features).

> can i set up a dmz?

Yes

> site to site vpn?

Yes

> what model do you recommend?

At the remote site: TZ170 with enhanced OS, at least the 25 User version... there is a 10 User version, but it counts the devices, and I have a customer with 5 people working that has problems with the 10 User version. I'd go for the unlimited User version anyway, as it's not much more expensive.

At the main site: depending on the number of users... up to about 30 users I'd also take the TZ170/enhanced OS; if it's more, I'd rather take a Pro2040, also with enhanced OS.

0
 
bklynbound01 (Author) Commented:
neteducation,

I am looking at the TZ170s now and they look good. I just found out that my ISP offers VPN services and VPN tunnels for site-to-site.

This would cost another $70 per month at each site. A TZ170 at each site, or pay for the monthly service. Which way should I go?

I know that if I go with the VPN service through my ISP I will only get site-to-site VPN and not remote access via client. I guess I could use the RRAS built into Windows 2000 Advanced Server.
0