Firewall Wizards mailing list archives
Re: VPN suggestions wanted
From: "Cassell, Damon Z." <dcassell () mitre org>
Date: Mon, 17 Sep 2007 14:23:48 -0400
For those not inclined to deal with IOS at the CLI, Cisco has a very good (and free) Java configuration tool for the 800 series:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html

Makes configuring these devices very easy.

Damon

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of Brian Loe
Sent: Monday, September 17, 2007 2:11 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] VPN suggestions wanted

I'd be interested in the redacted configs for my own learning experience - if I may?

On 9/17/07, Josh Ward <jward () network-services uoregon edu> wrote:
> tandernam wrote:
> > I'm doing some work with a small company (about a dozen employees)
> > that needs to make their remote access more reliable. I'm looking to
> > set up a (new) VPN for them (the old one is a hack job). I'm looking
> > for suggestions on a solution, something fairly simple to set up that
> > I can just plug between their intranet and the interweb. Reliability
> > is key. I'm mostly looking for a hardware solution (just because I
> > think it would be easier to set up and more reliable), but I'd be very
> > interested to hear from anyone who is running a good small-scale
> > (please don't start talking about radius servers...) software gateway.
> > They're currently running NAT off their soho modem/router on a DSL.
> > Suggestions and recommendations would be most appreciated.
>
> I have used Cisco 851 routers for deployments like this and they work
> *great*. I actually have something very similar to what you are
> describing at my house using an 851-wireless.
>
> The c851 is a full-blown IOS router (ok, not full blown, but all of the
> features that you care about for a small deployment). The 851 has a
> hardware crypto processor and the "ezvpn" stuff is really simple to set
> up and deploy. These boxes will act as a VPN concentrator (Cisco
> PC/MAC/Linux client) or as an EzVPN NEM (Network Extension Mode)
> concentrator. This means that if your client ever brings up a second
> office, tying the two together is dead simple. The software support on
> the Cisco client is pretty good as well. It's easier to set up than the
> Juniper client and more full featured than SSL vpn clients.
>
> You can get 851's for ~$300 (plus $20/year maintenance), which makes
> them pretty affordable for someone looking for SOHO+ equipment.
>
> If you decide to go this route and you aren't Cisco savvy, feel free to
> e-mail me and I'll share some redacted configs with you to help.
>
> -Josh
>
> --
> Josh Ward <jward () network-services uoregon edu>
> Network Security Engineer - Network Services
> University of Oregon

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards