Need help understanding VPN Solutions

Posted on 2005-05-16
Last Modified: 2008-02-26
First, I'm new to VPN, so if my concepts are wrong, please help me understand what's going on here.

We need an environment to build distributed client-server software among 10 subcontractors.

We recently decided we needed a project VPN for 10 remote sites (each in separate corporations). Our corporate IT department put together a proposal to use 10 Connectivity "VPN in a box" and a "Contivity 600" as a central server.
The Contivity 600 would sit on our corporate DMZ.  Total price including labor, licensing, and SLAs is approx. $24K.
Long story short, my boss throws a fit.  He's unwilling to spend $24K.  I'm supposed to find a less expensive solution?

What's available?  What's best for our situation?  What will allow our developers adequate flexibility?
1.  OpenVPN?
    a.  How would it work through corporate firewalls?
    b.  What else is needed besides all of us opening port 1140 on UDP and installing OpenVPN on a server?
2.  Citrix?
3.  I recall at one time Genuity had a product called "Managed VPN" where we all install client software and they handle the rest.  Do products like this still exist?  Worth it?  Who provides?
Question by: tmonteit
    LVL 79

    Accepted Solution

    $24K is a bargain since it included labor to roll it out.

    Want cheap, you get what you pay for.
    1. There are many open VPN Linux 'free' solutions, but you'd better have a pack of Linux gurus to help you roll it out
    2. Citrix will cost you *way* more than $24k
    3. Most of the major Telcos (AT&T, MCI, Sprint) have a managed VPN solution bundle, but it's not cheap.

    Want really cheap and simple to set up?
    Linksys RV042 VPN router at each location with a DSL connection
    Linksys RV016 at Corp HQ, unless you have a T1 instead of DSL
    2 minutes with a web page setup and you can pre-configure the remote sets and ship them out for self install.
    Alternative at HQ is Cisco PIX FW as the VPN hub. Drawback to either solution = no site-site communication.

    Alternative: Cisco 837 router at each remote site, and a 2600 series at Corp using Multipoint GRE with encrypted sessions. Very cost-effective, but you need someone who really knows their Cisco stuff to get it up and running.

    Again, $24k breaks down to about $2k per site. $500 minimum onsite service charge, $1000 for hardware and the rest for Project Management, licensing and other stuff. Not too bad, but with the Linksys solution:
    Linksys RV042 = $175 /each
    30 minutes of your time to unpack, configure, save, test, pack back up and ship = $100
    Extra shipping charge = $20
    15 minutes for remote secretary to plug in, another 15 minutes to verify that everything is working - $40
    Linksys RV016 for HQ = $425
    Your time at HQ = 'priceless' (couldn't resist) - $50/site

    $335/site * 10 sites = $3350 + $925 for HQ = $4275
    About 1/5 the price..
    Zero SLA, Zero license fees, zero monitoring, little support...

    This site might help you find service providers for your area

    LVL 79

    Expert Comment

    Good primer on VPNs

    Linksys "how-to"
    LVL 3

    Expert Comment

    lrmoore really has broken it down to $... I think it is very good advice (to save bucks).
    But sometimes saving $ today costs you $$ later. (Poor performance - time is money)

    Does your HQ own any server?
    How many users are to be connected to HQ via VPN?
    Does your application support VPN?
    Citrix is a very nice tool, but RDP is also nice and a lot cheaper (but requires Server 2000 or 2003 w/ licenses).


    Expert Comment

    If you are opening your network up to other companies, you really need reliable security.  I think that an all-Linksys (or all-Netgear, etc.) solution would be dangerous.  If your boss is really budget conscious, consider a Cisco at your place and low-end VPN routers (Linksys, Netgear) at the remote sites.

    I am in a similar situation, managing a VPN with about 12 sites.  For the most part, there is one central office and 11 remote sites (smaller offices, homes, etc.)  I started out with all Netgear FVS318s.  For a street price of about $125, they couldn't be beat.  

    Eventually, I became unhappy with the throughput and switched the central office to an FVL328 (about $300-something).  It turned out to be flaky and finally failed.  It has now been replaced with a Cisco 831 which cost somewhere between $500 and $1000.

    I can't say enough good things about the Cisco support.  You do get what you pay for.  When I look at the amount of lost productivity that my customer suffered due to intermittent problems with the Netgear, the Cisco seems very reasonably priced.  With Cisco's help, I have been able to leave the Netgear FVS318s at the remote sites and I have full, reliable connectivity with the added security features of the Cisco.  Warning: it takes some time to learn Cisco's IOS in order to manage the Cisco router yourself, but I think it is worth it.

    I have asked Cisco for permission to post the Netgear-to-Cisco VPN configurations that we developed and they have said okay.  Post again if you are interested in details.

    Author Comment

    aleinbach,  would like to see the configurations if you can share....

    Expert Comment

    Sorry for the delay.  I have posted a quickie overview at:

    I hope to redo this when I have a free moment and make it a little clearer and more explanatory.  In the meantime, if you have any questions, please feel free to contact me at
