VPN question

Posted on 2005-04-28
Last Modified: 2010-04-10
Hello all

I intend to deploy a multiple-branch VPN, and from what I have read so far a hardware-based VPN is the best solution. My questions are these:

1. Is there central security for these hardware servers, or do they just create an invisible LAN where everyone behind the VPN can automatically access the other VPN sites?

2. I am yet to see a configuration guide for the equipment I am interested in, which is the Cisco 1700 series router and Netgear VPN routers. I would be grateful if someone could help me with this guide.
Question by:cobuba
    LVL 8

    Accepted Solution

    1: There's both options. 1st is hub and spoke, which is where you have a central site that everything routes through for the VPN, or you can do a full mesh where every site has a VPN tunnel available directly to every other site.

    2: As far as hardware, if you're going with the 1700 you'll want the VPN add-on card. You may also be better off sticking with a PIX; depending on the number of remote sites the 501 may work, otherwise the 506 should be sufficient.

    Here's a Cisco white paper discussing the site-to-site VPN deployment options that will go into a lot more detail for you:

    PIX full mesh config info:

    PIX hub and spoke config info:

    That should be more than enough info to keep you reading for a while :)

    LVL 2

    Expert Comment

    It's funny you went to either Cisco or Netgear.  Linksys is a division of Cisco, and has great product lines creating IPsec VPN tunnels.  I use the RV042 series at many sites.  They run for about 170 dollars, allow you to create 30 tunnels, and they also allow mobile users to connect to them just using the QuickVPN client software that it comes with.  Super easy, and totally secure.

    Below are my notes for what I use to set them up....

    Upgrade routers first, not after
    Once in the router "Setup" page, click onto the VPN tab.

    First, select the tunnel you want to configure (Tunnel 1 or Tunnel 2) from the "Select Tunnel Entry" drop down box.  The screen will change according to your selection.

    Select the option to Enable in the "This Tunnel" field to enable the tunnel.

    Enter a unique name into the "Tunnel Name" field to name the tunnel.
    Local Secure Group:  the computers on the local network that can access the tunnel.
    Choose subnet, and enter the local subnet of the address (ie
    Remote Secure Group:     the computers on the remote network or on the other end of the tunnel that can access the tunnel.
    Choose subnet with remote network address here (i.e.
    Remote Security Gateway:     the WAN/Internet IP address of the remote or other BEFSX41.

    Encryption:               DES
    Authentication:           MD5
    Key Management:           IKE (Auto)
    PFS:                      on

    Good luck on your decision.  I usually get flack for suggesting Linksys, but it's all in the IPSec, and IP, and they all use the same standards, and all my tunnels webbing across the US have been great.

    Note though, if you plan to use the QuickVPN client, you need to upgrade the firmware to 1.3.6
    LVL 16

    Expert Comment

    Well, if you deploy VPNs using Sonicwall, for example, you can certainly set them up so that VPN traffic *still* has to pass the firewall Access Rules.

    Sonicwalls would sit happily behind Cisco 17xx or most any DSL router (just make sure the DSL router isn't blocking the VPN traffic, esp by trying to do it itself).

    Best layout depends on the nature of the offices and the traffic. Hub and spokes is common, but that assumes you have a "head office" and branch offices. But the system is flexible - examine where your traffic needs to go, who has the heaviest bandwidth needs, etc...
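
An added Python example, not part of any post in this thread: it lists the tunnels that hub-and-spoke and full-mesh layouts require, then checks a plan for overlapping Secure Group subnets, per-router tunnel capacity, and algorithms that RFC 8221 and RFC 8247 mark as "MUST NOT". The site names and subnets are constructed; the 30-tunnel figure and the DES/MD5 settings are the ones quoted in the comments above.

```python
import ipaddress
from itertools import combinations

# Constructed sample sites (not from the thread): name -> LAN subnet.
SITES = {"hq": "10.0.0.0/24", "branch1": "10.0.1.0/24",
         "branch2": "10.0.2.0/24", "branch3": "10.0.1.128/25"}  # overlaps branch1
# Tunnel settings as listed in the setup notes above.
NOTES_PROPOSAL = {"encryption": "DES", "authentication": "MD5", "pfs": "on"}
# DES and HMAC-MD5 are "MUST NOT" in RFC 8221 (ESP) and RFC 8247 (IKEv2).
WEAK = {"encryption": {"DES"}, "authentication": {"MD5"}}

def plan_tunnels(sites, topology, hub=None):
    """Return the (site_a, site_b) pairs that need a tunnel."""
    names = sorted(sites)
    if topology == "full-mesh":
        return list(combinations(names, 2))
    if topology == "hub-and-spoke" and hub in sites:
        return [(hub, n) for n in names if n != hub]
    raise ValueError("use full-mesh, or hub-and-spoke with a known hub")

def tunnels_per_device(pairs):
    """Count how many tunnels each router has to terminate."""
    counts = {}
    for pair in pairs:
        for site in pair:
            counts[site] = counts.get(site, 0) + 1
    return counts

def audit(sites, pairs, proposal, max_tunnels=30):
    """Return findings; max_tunnels=30 is the per-router figure quoted above."""
    findings = []
    nets = {n: ipaddress.ip_network(s) for n, s in sites.items()}
    # Overlapping LANs cannot be routed unambiguously across tunnels.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"overlap: {a} {nets[a]} / {b} {nets[b]}")
    for site, count in sorted(tunnels_per_device(pairs).items()):
        if count > max_tunnels:
            findings.append(f"capacity: {site} needs {count}, limit {max_tunnels}")
    for field, value in proposal.items():
        if value.upper() in WEAK.get(field, set()):
            findings.append(f"weak: {field}={value}")
    return findings

if __name__ == "__main__":
    for topo, hub in (("hub-and-spoke", "hq"), ("full-mesh", None)):
        pairs = plan_tunnels(SITES, topo, hub)
        print(topo, len(pairs), "tunnels")
        for finding in audit(SITES, pairs, NOTES_PROPOSAL):
            print("  ", finding)
```
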
