This is a discussion on Re: [fw-wiz] VPN suggestions wanted - Firewalls ; I'd be interested in the redacted configs for my own learning experience - if I may? On 9/17/07, Josh Ward wrote: > tandernam wrote: > > I'm doing some work with a small company (about a dozen employees) > > ...
I'd be interested in the redacted configs for my own learning
experience - if I may?
On 9/17/07, Josh Ward
> tandernam wrote:
> > I'm doing some work with a small company (about a dozen employees)
> > that needs to make their remote access more reliable. I'm looking to
> > set up a (new) VPN for them (the old one is a hack job). I'm looking
> > for suggestions on a solution, something fairly simple to set up that
> > I can just plug between their intranet and the interweb. Reliability
> > is key. I'm mostly looking for a hardware solutions (just because I
> > think it would be easier to set up and more reliable), but I'd be very
> > interested to hear from anyone who is running a good small-scale
> > (please don't start talking about radius servers...) software gateway.
> > They're currently running NAT off their soho modem/router on a DSL.
> > Suggestions and recommendations would be most appreciated.
> I have used Cisco 851 routers for deployments like this and they work
> *great*. I actually have something very similar to what you are
> describing at my house using an 851-wireless.
> The c851 is a full-blown IOS router (ok, not full blown, but all of the
> features that you care about for a small deployment). The 851 has a
> hardware crypto processor and the "ezvpn" stuff is really simple to set
> up and deploy. These boxes will act as a VPN concentrator (Cisco
> PC/MAC/Linux client) or as an EzVPN NEM (Network Extension Mode)
> concentrator. This means that if your client ever brings up a second
> office tying the two together is dead simple. The software support on
> the Cisco client is pretty good as well. Its easier to set up then the
> Juniper client and more full featured than SSL vpn clients.
> You can get 851's for ~$300 (plus $20/year maintenance), which makes
> them pretty affordable for someone looking for SOHO+ equipment.
> If you decide to go this route and you aren't Cisco savvy feel free to
> e-mail me and I'll share some redacted configs with you to help.
> Josh Ward
> Network Security Engineer - Network Services
> University of Oregon
> firewall-wizards mailing list
firewall-wizards mailing list