jGams
asked on
Whats your VPN dream setup?
Hi,
So we may have some money to spend at the end of the year on some new equipment. Right now we just have a win2k3 server behing a linksys router. Our current setup is pretty simple. Just have the VPN/DHCP role in win2k3 running, and users connect through the "network connection" wizard on their laptops (winxp). Does anyone have any tips about the VPN hardware available? So far i've looked at hotbrick, sonicwall, netgear and cisco ... But im not to sure at what i should be looking for ... or if we really even need to change our current setup.
Whats your thoughts or personal experiences with VPN setups?
So we may have some money to spend at the end of the year on some new equipment. Right now we just have a win2k3 server behing a linksys router. Our current setup is pretty simple. Just have the VPN/DHCP role in win2k3 running, and users connect through the "network connection" wizard on their laptops (winxp). Does anyone have any tips about the VPN hardware available? So far i've looked at hotbrick, sonicwall, netgear and cisco ... But im not to sure at what i should be looking for ... or if we really even need to change our current setup.
Whats your thoughts or personal experiences with VPN setups?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and not to forget Nokia VPN boxes.... they are also state of art... just a bit over complicated.
Failover? Cisco's got it:
- Failover to a secondary box? Cisco PIX 7.x or Cisco ASA
- Dual-ISP failover links? Cisco PIX 7.x or Cisco ASA
SSL VPN? - Cisco ASA
Bottom line is, if you want the best, go with Cisco. They've been around a long time, they invest a couple of billion $ each yr in R&D to improvements & new technology, you'll get great support, their hardware is bullet-proof, their firewalls have proven they're stable & secure, & the company will be around for years to come.
cheers
- Failover to a secondary box? Cisco PIX 7.x or Cisco ASA
- Dual-ISP failover links? Cisco PIX 7.x or Cisco ASA
SSL VPN? - Cisco ASA
Bottom line is, if you want the best, go with Cisco. They've been around a long time, they invest a couple of billion $ each yr in R&D to improvements & new technology, you'll get great support, their hardware is bullet-proof, their firewalls have proven they're stable & secure, & the company will be around for years to come.
cheers
Most enterprise class have failover to another box, I meant failover to a seperate VPN link as in
http://www.stonesoft.com/en/products_and_solutions/products/vpn/index.html
Cisco SSL VPN or Neoteris http://www.juniper.net/company/presscenter/pr/2006/pr-060306.html
Cisco isnt the best at anything
Firewall Better Cisco = Netscreen (Firewall around longer than Pix)
Switch better than Cisco = Extreme,Foundry (Far better product)
Routers= Juniper
SSL VPN = Any other make apart from whale
http://www.stonesoft.com/en/products_and_solutions/products/vpn/index.html
Cisco SSL VPN or Neoteris http://www.juniper.net/company/presscenter/pr/2006/pr-060306.html
Cisco isnt the best at anything
Firewall Better Cisco = Netscreen (Firewall around longer than Pix)
Switch better than Cisco = Extreme,Foundry (Far better product)
Routers= Juniper
SSL VPN = Any other make apart from whale
ASKER
Wow, Thanks for the replies everyone!
Looks like cisco seems to be the fav so far. One question about the cisco box ... Do you have to use the actual cisco vpn client to connect to the VPN? or can you just use a regular winxp vpn connection?
The reason i ask is because i know of some ppl who have to connect to multiple clients .. each with their own weird vpn setup that uses different software. I had a few buddies who had to use the cisco client, and once installed, they were no longer able to connect with any of the other clients software. It was like the cisco client had blocked all other vpn usage ... Would this be an isolated problem, or could this potentially happen to us if we setup shop with a cisco box?
any thoughts?
Looks like cisco seems to be the fav so far. One question about the cisco box ... Do you have to use the actual cisco vpn client to connect to the VPN? or can you just use a regular winxp vpn connection?
The reason i ask is because i know of some ppl who have to connect to multiple clients .. each with their own weird vpn setup that uses different software. I had a few buddies who had to use the cisco client, and once installed, they were no longer able to connect with any of the other clients software. It was like the cisco client had blocked all other vpn usage ... Would this be an isolated problem, or could this potentially happen to us if we setup shop with a cisco box?
any thoughts?
Cisco can be configured to use IPSec and their client, or PPTP and the Windows client if you prefer. I haven't had problems with the Cisco client conflicting, but I agree many VPN clients do not play well together,
The Cisco ASA can be an endpoint for either Cisco's IPSEC VPN client, or Microsoft PPTP VPN client, or both simultaneously. Either can also be supported from an inside client going to an external vpn server.
The Cisco VPN client is preferred because YOU control all client behavior wheras the USER controls all client behavior of Microsoft client.
Many VPN clients do not play well together. Nortel and Cisco don't play nice on the same PC. Many IPSEC clients don't play nice with XP's built in IPSEC capabilities.
I've never had a problem using both Cisco VPN and Microsoft VPN on the same laptop.
The Cisco VPN client is preferred because YOU control all client behavior wheras the USER controls all client behavior of Microsoft client.
Many VPN clients do not play well together. Nortel and Cisco don't play nice on the same PC. Many IPSEC clients don't play nice with XP's built in IPSEC capabilities.
I've never had a problem using both Cisco VPN and Microsoft VPN on the same laptop.
Yep Cisco VPN client won't conflict at all with Window's built-in PPTP VPN. Agree that most 3rd-party vendors' VPN clients don't coexist well or at all on the same PC, such as Cisco & SonicWall. *Sometimes you can work around this by temporarily disabling 1 of the 3rd party clients while you use the other, eg: stopping the Cisco VPN service daemon or disabling the vendor-specific VPN virtual interface.
cheers
cheers
ASKER
Thanks for the help everyone. This information has given me a good stepping stone in my search.
Cheers.
Cheers.
Thanks jGams, good luck with your decision.
--rob
--rob
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html