For those not inclined to deal with IOS at the CLI, Cisco has a very
good (and free) Java configuration tool for the 800 series:

Makes configuring these devices very easy.


-----Original Message-----
On Behalf Of Brian Loe
Sent: Monday, September 17, 2007 2:11 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN suggestions wanted

I'd be interested in the redacted configs for my own learning
experience - if I may?

On 9/17/07, Josh Ward wrote:
> tandernam wrote:
> > I'm doing some work with a small company (about a dozen employees)
> > that needs to make their remote access more reliable. I'm looking
> > set up a (new) VPN for them (the old one is a hack job). I'm
> > for suggestions on a solution, something fairly simple to set up
> > I can just plug between their intranet and the interweb.
> > is key. I'm mostly looking for a hardware solutions (just because I
> > think it would be easier to set up and more reliable), but I'd be
> > interested to hear from anyone who is running a good small-scale
> > (please don't start talking about radius servers...) software
> > They're currently running NAT off their soho modem/router on a DSL.
> > Suggestions and recommendations would be most appreciated.

> I have used Cisco 851 routers for deployments like this and they work
> *great*. I actually have something very similar to what you are
> describing at my house using an 851-wireless.
> The c851 is a full-blown IOS router (ok, not full blown, but all of
> features that you care about for a small deployment). The 851 has a
> hardware crypto processor and the "ezvpn" stuff is really simple to
> up and deploy. These boxes will act as a VPN concentrator (Cisco
> PC/MAC/Linux client) or as an EzVPN NEM (Network Extension Mode)
> concentrator. This means that if your client ever brings up a second
> office tying the two together is dead simple. The software support
> the Cisco client is pretty good as well. It's easier to set up than
> Juniper client and more full featured than SSL vpn clients.
> You can get 851's for ~$300 (plus $20/year maintenance), which makes
> them pretty affordable for someone looking for SOHO+ equipment.
> If you decide to go this route and you aren't Cisco savvy feel free
> e-mail me and I'll share some redacted configs with you to help.
> -Josh
> --
> Josh Ward
> Network Security Engineer - Network Services
> University of Oregon
> _______________________________________________
> firewall-wizards mailing list
