VPN Hardware?

Loomer

Just looking for advice on what to buy to set up a VPN between two sites. Relatively low-end but does the job. What is the best gear from experience?

theciscokid

well we'll need a bit more info on it..

whats the distance?

etc..

Loomer

Its currently a 128k leased line from Dublin to Enfield (Kildare). Theres an old multiplexor in the equation that needs to be taken out. I've heard a standard product is a Nokia device but that it can be unreliable.

Gavin

Obvious reply, but you could go for the usual IPSec/Freeswan solution, two pentium boxes.

OR just use the Win2000 vpn which works remarkably well, though I believe pptp is not particularly secure. The is another vpn thread I remember on this board.. aha ! here it is
http://www.boards.ie/vbulletin/showthread.php?s=&threadid=84299&highlight=pptp

edit - obviously the above is of no use to you When I see VPN, I always think VPN over the internet. Two simple cisco routers will do the trick. Ones I'm familiar with, having done this would be someithng in the Cisco 1600 series. ( and of course, probably lots besides )

Gav

steve-hosting36

Also, check out the Netscreen 5xp (www.netscreen.com) or even the Zyxell Firewalls, all support VPN at a very reasonable price point (ie: less than 600 euro or so)

Gaz

The Cisco PIX 506e firewall has VPN capabilites , easy enough to set up . hasnt given me any problems

zz03

Originally posted by Loomer
Just looking for advice on what to buy to set up a VPN between two sites. Relatively low-end but does the job. What is the best gear from experience?

Have a look at

http://www.snapgear.com/sohoplus.html

Inexpensive and ahead of others at similar price points on vpn security.

VPN related features include:

VPN - IPSec
Peer-to-peer (initiate and terminate)
ESP and AH payloads
Supports aggressive mode
Dead peer detection
Compression (deflate / gzip type algorithm)
DES 56-bit, 3DES 168-bit, AES 256-bit encryption
Hashes HMAC - MD5 and SHA-1 authentication
IKE/ISAKMP Diffie-Hellman key exchange
Diffie-Hellman Groups (1,2,5) and Oakley Groups (14,15,16) to 4096-bits
X.509 certificates DER, PEM formats
Pre-shared secrets
Dynamic IP address end-points
Dynamic DNS IPSec support
Authentication up to 2048-bit for RSA key signatures
Multiple subnets
NAT traversal
Up to 100 IPSec tunnels
Up to 1 Mbps IPSec 3DES throughput
Up to 2 Mbps IPSec AES 128-bit throughput
Up to 2 Mbps IPSec AES 196-bit throughput
Up to 2 Mbps IPSec AES 256-bit throughput
VPN - L2TP
IPSec config Wizard
L2TP over IPSec
Autonomous L2TP
Client: NAT, default route via L2TP
Server: specify client IP address range
VPN - PPTP
v2 client and server
Pass-through mode also
MPPE 40 to 128-bit RC4 encryption
PAP/CHAP/MS CHAPv2 authentication
L2TP & GRE tunneling extensions
Up to 10 PPTP client tunnels
Up to 20 PPTP server tunnels
Up to 2 Mbps RC4 throughput


zz..

flav0rflav

How much are you paying for the leased line? 1000 a month?

The real benefit of using a vpn is to apply it across the regular internet, ie. you get dsl installed in both locations for ~100 a month and all traffic is encrypted and tunneled, giving the appearance of a leased line, ie. a virtual private network.

There is no major benefit to securing and/or tunneling over a leased line, as it is a point to point link with reasonable security.

zz03

Originally posted by flav0rflav
How much are you paying for the leased line? 1000 a month?

The real benefit of using a vpn is to apply it across the regular internet, ie. you get dsl installed in both locations for ~100 a month and all traffic is encrypted and tunneled, giving the appearance of a leased line, ie. a virtual private network.

Whatever he's paying, DSL has to be way cheaper than a leased line.

There is no major benefit to securing and/or tunneling over a leased line, as it is a point to point link with reasonable security.

Depends on the business he's in. I wouldn't like my bank to connect their ATMs or branches with unencrypted leased lines. I wouldn't like any business to be able to process credit card transactions across their network unencrypted - expecially where a PIN in involved. If I was in any business transaction that might be of interest to a telco I would be very careful too!

zz..

XbLaDe

Get DSL in both locations (if possible )as suggested you will save yourself a packet. I linked 3 offices using Netgears Firewall/VPN - FCS318. ( about 170 ea )

Not a bother for the last 4 months ..... although the VPN is software based not hardware ....