JTCollins

Choosing a VPN solution for mobile remote clients

I'm looking for a VPN solution for mobile users.

We've been using the built-in Server 2k3 VPN, but have had problems with connectivity behind different routers; Linksys especially seems to block the connection.

I'm a big fan of Watchguard, but am not averse to other options. I was thinking about using an SSL VPN solution, but if there is an IPSEC technology out there that will bypass these problems I'd love to hear about it.

Also, if your suggested product is a security solution as well as a VPN, it would be a big help if it can run Exchange using RPC over HTTP.

Thanks in advance for your help

JT
ASKER CERTIFIED SOLUTION
Rob Williams

servitinfo

I would consider using a FortiNet Fortigate UTM appliance.  You can use both IPsec and SSL-VPN.

They have far more features than WatchGuard, are easy to configure and not bound by user limits.

Second of all, if you want a truly secure solution, do forget PPTP. It's not very secure.

I would recommend a FG in combination with Vasco Tokens in SSL-VPN mode.

The big factor with IPSec VPN using Watchguard Mobile User VPN is that clients will need to install the Watchguard client and a configuration file. Granted, you can make this available from a secure HTTPS or FTP server, but it still means an 8MB download for each client.

The Watchguard SSL VPN is effectively the Citrix SSL gateway OEM'ed. It's a very powerful product.

There are other solutions, such as Citrix Presentation Server with a secure web interface.

JTCollins

ASKER

You know, I feel ridiculous.

I've set up 9 office-to-office VPNs, so I was well aware of the need for different subnets, but that never even occurred to me... btw we're using IPSEC.

Regardless of my brief lapse into the world of incompetence, I still need a beefier solution than we have now.

I haven't used Ciscos much outside of the PIX 501 series; this was in '03 when they were still command line only. Is there a GUI on the ASA, and how is it?

I like the VPN throughput to price point that Watchguard offers versus Cisco (at least the last time I did serious research on it, about 9 months ago).

I spoke with Watchguard on Monday and the Firebox® SSL Core Gateway is at its end of life cycle. The rep said they would be launching a new one in fall.

I don't need an extremely high end solution, scalable of course but trying to stay under the 700ish price range.  If that will get me a security solution and vpn solution in one box all the better.


servitinfo:

I'm not familiar with FortiNet but I'll definitely check them out.


hstiles:

I'm OK with the WG client; the laptops will be in a corporate networking environment, so I'll push down the install on logins. On the SSL box, where exactly do the clients connect to after VPN authentication? Do they run apps directly from their computer or a remote session? Do I have to do any TS licensing?

I recommended Cisco as I have switched from Watchguard to Cisco. I am not a staff IT support person, but rather an independent, and I found Cisco is such a standard in the industry, it was a far easier sell than any other product. For example, I recently went into a car dealership that did financing and they asked why they should buy a Cisco from me. I asked them to get out their Equifax security questionnaire and read the first question: "Do you have a Cisco firewall in place?" Basically, in the IT world there is Cisco, and the other guys.

As for pricing I haven't found much difference when you are comparing apples to apples. You should have a SmartNet contract with it, which ups the price slightly, but still very reasonable, and the support is fantastic.
As for usability, I am quite comfortable with VPNs but by no means a "Cisco Guy" or a CCNA; however, I have never had a problem configuring any features I need to use on an ASA5500, as the GUI is very user friendly.

Though I haven't worked with SSL VPNs and Cisco, the newer ASA series has that as an option should you feel it is necessary.

Thanks for the help everyone,

I wound up going with the CISCO ASA5505-50-BUN-K9. My decision to go with Cisco was largely based on the fact that it took 3 days for WG to call me back from a message I left w/ pre-sale questions. I've dealt with Cisco and used their SmartNet service in the past and it was a good experience.

Thanks for all the help.

JT

Thanks JTCollins. Think you made a good choice. I have been very pleased with both the similar units I have bought, and the support. As I mentioned earlier, like you, I find Watchguard's support very slow to respond.
Cheers!
--Rob