RE: Remote Office VPNs

["John Tolmachoff" <sflist-secbasic () reliance net>]

Why not use a Firewall like a SonicWall Pro 200 or 300 at the main office
and SOHO3 at the remote offices?

That way, the entire remote office is protected and you can easily set up
the VPN between each remote and the Main.

> 2) Should I just go with a IP based VPN from an ISP?

Not with the current firewalls that are available.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-----Original Message-----
From: StraitNo7 () aol com [mailto:StraitNo7 () aol com] 
Sent: Friday, November 08, 2002 11:51 AM
To: security-basics () security-focus com
Subject: Remote Office VPNs

     My question is regarding small remote offices with <25 users.  Business
Class DSL has become an option for small offices since the cost is much less
than a T1.  I need a VPN based solution and need some advice.  I am looking
for your opinions of two different methods of gaining secure connectivity to
a major office:

1) I know many of the draws back with using a small appliance such as a PIX
or symantec appliance and allowing split tunneling (internet access directly
instead of forcing them back through a vpn) but are they really that weak?

Such as using a Cosign box at the CO and allowing the encryption to be done
by the ISP?  It would stay on the private backbone and not enter the public
internet.  Although that last mile would be unencryption just as on a frame
relay.