[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Need secure affordable VPN solution

Posted on 2006-04-01
Medium Priority
Last Modified: 2012-06-27
My company wants me to set up a VPN between our admin office and a new warehouse across the street. Wireless is not being considered because of security concerns. I like the Cisco PIX 501 because of the wide support available but isn't it expensive? Security is the first priority with cost close on it's heels. The admin office has an SBS2K3 server with an internal domain. Would the SBS VPN server be a viable option? Is it really secure? I really need to find a secure, affordable solution that is diagrammed for simplicity of explanation and evaluation. The admin office has 9 xp pro clients and the new warehouse will have about the same.
Question by:ptrast
  • 5
LVL 78

Expert Comment

by:Rob Williams
ID: 16349960
The built in Windows VPN is actually quite a good VPN. Generally it is configured using the PPTP protocol which is quite secure but not as much so as a hardware solution using IPSec. Also if you have multiple clients and no second server at the remote site it is not the ideal solution. You would be better off with a site to site hardware VPN tunnel. There are dozens of them available, but I doubt anyone here would deny Cisco would be your best choice for security, flexibility or for obtaining support. A pair of PIX 501's would be an excellent choice. You mention "Security is the first priority " so stick with security, however if price wins over, Linksys makes a business class series of routers called the RV0xx that would work very well.Two RV042's would allow complete connectivity between the two offices and cost about 1/2 as much. There are numerous others available but the cost starts to approach that of the Cisco's and you would be better to spend the extra in that case.
The Cisco units for <10 users per site are about $350 US each and the Linksys about $200. To increase the Licenses for the Cisco to 50 users is about another $200, but there is no additional fee for the Linksys. You should also consider a support contract with Cisco.

Information on the Linksys RV042
LVL 78

Expert Comment

by:Rob Williams
ID: 16349977
Sorry, {You mention "Security is the first priority " so stick with security} above should read You mention "Security is the first priority " so stick with Cisco  :-)

Author Comment

ID: 16350527
Could you point me to a good source for the design of a hardware based VPN tunnel, too? Will that info come with the 501's? It seems to me that I only need to install a 501 behind(?) or in front of the router and install the VPN software...on the server? I have done work with Cisco routers but I have never configured a PIX. Do I just interface with the PIX thru a CLI to configure each end? (Maybe these should listed as separate questions). How many hours should I expect to expend? When can you come over and set this up? (just kidding, they want me to do the work and maintain it  :)  ) This must be easy, even for a Microsoft guy, right?  ;) Time to expand my knowledge base, it was bound to happen...
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 78

Expert Comment

by:Rob Williams
ID: 16350582
The Cisco PIX 501's will create your site to site hardware VPN tunnel.
The Cisco's should sit directly behind the modem, between the modem and your local network.
To be honest I haven't set up the Cisco's. You can use the PDM (PIX Device Manager), a graphical interface, to set up the basic tunnel and should be fairly straight forward. More detailed configurations will require some assistance if you haven't worked with Cisco's. One advantage of purchasing a SmartNet Cisco support contract is they will log into your unit remotely and help you to configure. There is also great support here on this message board. There are numerous well trained Cisco techs here.

LVL 78

Accepted Solution

Rob Williams earned 2000 total points
ID: 16350629
You might want to browse this initial set up manual:
Also, the SmartNet support contract as I understand, it allows you to download typical configuration files to upload to your unit.
LVL 78

Expert Comment

by:Rob Williams
ID: 16350988
Thanks ptrast,

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question