For those not inclined to deal with IOS at the CLI, Cisco has a very
good (and free) Java configuration tool for the 800 series:

http://www.cisco.com/en/US/products/...318/index.html

Makes configuring these devices very easy.

Damon



-----Original Message-----
From: firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
Brian Loe
Sent: Monday, September 17, 2007 2:11 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN suggestions wanted

I'd be interested in the redacted configs for my own learning
experience - if I may?

On 9/17/07, Josh Ward wrote:
> tandernam wrote:
> > I'm doing some work with a small company (about a dozen employees)
> > that needs to make their remote access more reliable. I'm looking to
> > set up a (new) VPN for them (the old one is a hack job). I'm looking
> > for suggestions on a solution, something fairly simple to set up that
> > I can just plug between their intranet and the interweb. Reliability
> > is key. I'm mostly looking for a hardware solution (just because I
> > think it would be easier to set up and more reliable), but I'd be very
> > interested to hear from anyone who is running a good small-scale
> > (please don't start talking about radius servers...) software gateway.
> > They're currently running NAT off their soho modem/router on a DSL.
> > Suggestions and recommendations would be most appreciated.
>
> I have used Cisco 851 routers for deployments like this and they work
> *great*. I actually have something very similar to what you are
> describing at my house using an 851-wireless.
>
> The c851 is a full-blown IOS router (ok, not full blown, but all of the
> features that you care about for a small deployment). The 851 has a
> hardware crypto processor and the "ezvpn" stuff is really simple to set
> up and deploy. These boxes will act as a VPN concentrator (Cisco
> PC/MAC/Linux client) or as an EzVPN NEM (Network Extension Mode)
> concentrator. This means that if your client ever brings up a second
> office, tying the two together is dead simple. The software support on
> the Cisco client is pretty good as well. It's easier to set up than the
> Juniper client and more full featured than SSL VPN clients.
>
> You can get 851's for ~$300 (plus $20/year maintenance), which makes
> them pretty affordable for someone looking for SOHO+ equipment.
>
> If you decide to go this route and you aren't Cisco savvy, feel free to
> e-mail me and I'll share some redacted configs with you to help.
>
> -Josh
>
> --
> Josh Ward
> Network Security Engineer - Network Services
> University of Oregon
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards