Question : Need to recommend VPN Firewall products.

I have a new client that is a financial services business with two locations, a main office and a branch office. Their main office has a Small Business Server, 25 users, and a Linksys BEFSX41 router connected to a T1/DS1 CSU/DSU for Internet access. Their branch office has 15 users and a Netopia Cayman DSL Router. Users VPN into the main office from home and from the branch office using the Windows VPN client to make PPTP connections to the Small Busineess Server. The company infrequently looses internet access and needs to cycle the power to the Linksys router to get it back again.

I am recommending upgrading to a hardware based VPN for the users at the branch office and upgrading the remaining VPN connections to L2TP or IPsec. Unfortunately, price is a strong consideration in choosing the equipment for this client. I am a little uncertain as to what to recommend to this client since my VPN, firewall, and router experience is limited to RRAS connections to Windows servers, consumer grade broadband routers, a Linksys RV042, a Cisco 1721, and several Netgear ProSafe FVS318s. I am sure a Cisco PIX 515E & 506E or 1721 & 837 combination with the right feature sets would work great, but the price tag is just too high unless purchased on eBay. I need to stay under $1000, and preferably as much under that as I can get without needing to issue instructions to "reboot as necessary." I have a couple of stable site-to-site VPNs using Netgear ProSafe VPN routers, but I don't have any that are supporting more than 6 users. The feature sets of the Linksys RV042, RV082, and RV016 also look promising. However, I am concerned about the potential reliablity and stability of a solution built using Netgear or Linksys products. Does anyone have any experience using products that could be purchaded for under $1000 to support 30-50 users at two locations? What is my best bet?

Answer : Need to recommend VPN Firewall products.

Cisco Pix if you (or they) already have the exertise to run it.

Otherwise I would recommend something with a much more user-friendly learning curve.

SonicWall TZ170 Unlimited at the head office
Sonicwall TZ170 25 user at the branch office

Or

Zyxel Zywall 35 at the head office
Zywall 5 at the branch office.

Actually, if there's no indication of the VPN network spreading any wider (more branch offices, home-workers, etc) then you can use a Zywall 5 at both sites. That should bring the hardware cost in at around half your budget and leave you with some spare cash to pay for them to be configured, if you need that, though the Zywall is pretty easy to set up compared to a PIX...

Random Solutions

Problems with one machine on a network

Question on external IP

Cisco VLAN creation and ACLs

Windows XP Winsock missing after Office 2000 installation.

Catalyst 4006 CATos %SYS-4-P2_WARN Host is flapping

Wireless Web-based authentication Vs. Unsecured Wireless Network

NE2000 drivers?

How to access server through a Router

Cisco router and enable secret