Ipsec VPN Router behind Firewall

greentriangle asked:
I need to put in a VPN device which will have its own DSL service. This will sit behind a firewall. This device will need to VPN out to another site to create a VPN tunnel to access an application. With this we will add routes in the firewall to go down the VPN tunnel for this program. What I need is a good device to do this VPN, which will only allow the VPN tunnel and block everything else. That is the only thing going over this DSL service. What type of device would you recommend? Something like a Cisco 800 series or McAfee UTM SG300? Any input would be greatly appreciated....
Thinkpads_User (Business Consultant (Owner); Most Valuable Expert 2012; Expert of the Year 2018) commented:
Cisco should work; I use Juniper Netscreen for small business and Netscreen works well also. However, I think you should be using an integrated IPSec VPN device and firewall. It will probably be easier this way and the box will sit immediately behind the DSL modem.

Most businesses would want Internet so that is the default configuration (at least for Netscreen), but you can configure the firewall so as to block anything but the tunnel.
... Thinkpads_User
Qlemo ("Batchelor", Developer and EE Topic Advisor; Top Expert 2015) commented:
While I favour the Juniper (NetScreen or SSG) devices too, it should be possible with any IPSec device. If you set only the route to the VPN gateway (no default gateway), no firewall rules are needed to block.

However, I would prefer business class solutions in any case here, but that is a question of budget, security prerequisites, and configuration abilities. Cisco needs a Cisco specialist, someone who knows what has to be done.

UTM devices are certainly way oversized for this. You do not want to protect anything with packet analysis, deep inspection and threat management. A Deny-All rule for inbound traffic (besides IPSec) is sufficient, and that is feasible with even the cheapest devices.
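As an added illustration (not part of either expert's post, and not a configuration from any vendor's documentation), here is how the two pieces of advice above, a route only to the VPN gateway with no default gateway and a deny-all inbound policy that admits only IPsec, look as a Cisco IOS configuration in the style of an 800-series router. Every concrete value is assumed for the example: peer 203.0.113.10, local LAN 192.168.1.0/24, remote application network 10.10.0.0/16, WAN interface Dialer1, and the pre-shared key placeholder.

```cisco
! Added example, not from the original thread. Assumed values: VPN peer 203.0.113.10,
! local LAN 192.168.1.0/24, remote application network 10.10.0.0/16, DSL-facing
! interface Dialer1. Algorithm choices assume a reasonably current IOS release.
!
! Phase 1 (IKEv1): strong algorithms, pre-shared key bound to the single known peer.
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_STRONG_PSK address 203.0.113.10
!
! Phase 2 transform set used for the tunnel.
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Only traffic from the local LAN to the remote application network is "interesting";
! nothing else ever triggers the tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS
 match address VPN-TRAFFIC
!
! Deny-all inbound on the DSL side: only IKE (UDP 500), NAT-T (UDP 4500) and ESP,
! and only from the known peer, are accepted. Everything else is dropped and logged.
ip access-list extended WAN-IN
 permit udp host 203.0.113.10 any eq isakmp
 permit udp host 203.0.113.10 any eq non500-isakmp
 permit esp host 203.0.113.10 any
 deny ip any any log
!
interface Dialer1
 ip address negotiated
 ip access-group WAN-IN in
 crypto map VPNMAP
!
! No default route on purpose. The only destinations reachable over the DSL link are
! the VPN peer itself and the remote network that is carried inside the tunnel.
ip route 203.0.113.10 255.255.255.255 Dialer1
ip route 10.10.0.0 255.255.0.0 Dialer1
```

Because there is no `ip route 0.0.0.0 0.0.0.0 ...` line, any packet the main firewall sends to this box for a destination other than 10.10.0.0/16 simply has no route and is discarded, which is the effect Qlemo describes; the WAN-IN list gives the same guarantee in the inbound direction. After the first interesting packet, `show crypto isakmp sa` and `show crypto ipsec sa` confirm the tunnel is up, and `show access-lists WAN-IN` shows hit counts on the final deny line, a useful check that nothing unexpected is arriving on the DSL side.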
