Need secure affordable VPN solution

Howdy!
My company wants me to set up a VPN between our admin office and a new warehouse across the street. Wireless is not being considered because of security concerns. I like the Cisco PIX 501 because of the wide support available but isn't it expensive? Security is the first priority with cost close on it's heels. The admin office has an SBS2K3 server with an internal domain. Would the SBS VPN server be a viable option? Is it really secure? I really need to find a secure, affordable solution that is diagrammed for simplicity of explanation and evaluation. The admin office has 9 xp pro clients and the new warehouse will have about the same.
Thanks!
ptrastAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
The built in Windows VPN is actually quite a good VPN. Generally it is configured using the PPTP protocol which is quite secure but not as much so as a hardware solution using IPSec. Also if you have multiple clients and no second server at the remote site it is not the ideal solution. You would be better off with a site to site hardware VPN tunnel. There are dozens of them available, but I doubt anyone here would deny Cisco would be your best choice for security, flexibility or for obtaining support. A pair of PIX 501's would be an excellent choice. You mention "Security is the first priority " so stick with security, however if price wins over, Linksys makes a business class series of routers called the RV0xx that would work very well.Two RV042's would allow complete connectivity between the two offices and cost about 1/2 as much. There are numerous others available but the cost starts to approach that of the Cisco's and you would be better to spend the extra in that case.
The Cisco units for <10 users per site are about $350 US each and the Linksys about $200. To increase the Licenses for the Cisco to 50 users is about another $200, but there is no additional fee for the Linksys. You should also consider a support contract with Cisco.

Information on the Linksys RV042
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1123638171618&pagename=Linksys%2FCommon%2FVisitorWrapper
0
Rob WilliamsCommented:
Sorry, {You mention "Security is the first priority " so stick with security} above should read You mention "Security is the first priority " so stick with Cisco  :-)
--Rob
0
ptrastAuthor Commented:
Could you point me to a good source for the design of a hardware based VPN tunnel, too? Will that info come with the 501's? It seems to me that I only need to install a 501 behind(?) or in front of the router and install the VPN software...on the server? I have done work with Cisco routers but I have never configured a PIX. Do I just interface with the PIX thru a CLI to configure each end? (Maybe these should listed as separate questions). How many hours should I expect to expend? When can you come over and set this up? (just kidding, they want me to do the work and maintain it  :)  ) This must be easy, even for a Microsoft guy, right?  ;) Time to expand my knowledge base, it was bound to happen...
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Rob WilliamsCommented:
The Cisco PIX 501's will create your site to site hardware VPN tunnel.
The Cisco's should sit directly behind the modem, between the modem and your local network.
To be honest I haven't set up the Cisco's. You can use the PDM (PIX Device Manager), a graphical interface, to set up the basic tunnel and should be fairly straight forward. More detailed configurations will require some assistance if you haven't worked with Cisco's. One advantage of purchasing a SmartNet Cisco support contract is they will log into your unit remotely and help you to configure. There is also great support here on this message board. There are numerous well trained Cisco techs here.

0
Rob WilliamsCommented:
You might want to browse this initial set up manual:
http://www.cisco.com/application/pdf/en/us/guest/products/ps2030/c1616/ccmigration_09186a008017da02.pdf
Also, the SmartNet support contract as I understand, it allows you to download typical configuration files to upload to your unit.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Thanks ptrast,
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.