
VPN Big Help Needed!


Gekko_uk


Hi,

I have a main office, with a Windows Server 2003 machine.

This is the domain controller for the main office, with around 25 client machines using it as a file store etc.

I have a smaller office, some many miles away.

Which has a small XP machine acting as a central file server.

There are around 4 clients down there.

This small file server backs up its contents via a VPN connection (PP??) something to the main server.

Works fine.

Both offices have ADSL broadband.

I have found if I have more than one PC with a VPN connection in the small office, the line drops etc.

I have been advised it is our current router - a known fault.

If I try more than one connection from another site (Linksys router + Cable Broadband) it works fine.

Currently we have 2 x Netgear ADSL firewall routers (one at each site).

I am about to purchase 2 x DrayTek Vigor 2600Plus routers. Which I have been told are perfect for the job.

I wish for each office to be able to see each other fully, that is, all the machines "think" they are on the same network, and all can access the main server in head office and the small file server in the small office.

I believe this is known as "Lan to Lan" VPN??, I would like a small guide of how to set this up.

I also found out that the VPN protocol that I am using has next to no encryption, so any help on how to do this would also be appreciated.

I can be contacted via email, PM or this post.

Many thanks

Gekko.



I think what you are looking for is a site to site VPN. These work great... I use them all the time because it is far less expensive than a point to point line.

If you want something simple, cheap, and fairly reliable, use a SonicWall TZ170 with 2 VPN licenses (now this does depend on the number of clients.. I wouldn't go over 75 clients with this device). But get one of these for each end.. go through the wizard and it is pretty simple.. I have had a few misc problems with it which are kinda glitchy.

If you want something reliable, go with a Cisco PIX 501e with the VPN/3DES bundle. It is a little harder to configure but much more reliable and secure.

I have never used the DrayTek Vigor 2600Plus but it looks like it is its own VPN concentrator. Check and see the availability of site to site VPN on those; otherwise you should be able to implement either the PIX or the SonicWall and just put it on the DMZ on the NetGears and run the same.


If you want something reliable, go with a Cisco PIX 501e with the VPN/3DES bundle. It is a little harder to configure but much more reliable and secure.

A little harder to install? Lol.. I'm not trying to bust your stones here, but seriously, if someone doesn't have any experience with PIX, not to mention Cisco IOS in general, they are going to need someone else to do the setup for them. I've been around the block a few times and I definitely know a thing or two, but when it comes to implementing a PIX to PIX VPN, I always call a buddy of mine for that. It's not for the faint of heart.

Now this may sound a little cheesy, but I've had pretty good experiences using the Linksys VPN endpoints where the cost of two PIX firewalls is simply out of the question. At the time they were running like $180 and may be even less now. It's a very straightforward setup. Is it PIX quality? Absolutely not. But it's feasible for the small shops.


Agreed.. the Cisco PIX is not easy to configure if you don't have any experience with them. If I were setting one up, I would use a PIX. However, yes, everyone has their own working low cost solution. Mine was SonicWall.. I guess I have a habit of recommending the best possible solution in my mind first then give other options later.. I know how some people on this board would go crazy if I went right out with "Use SonicWalls" and this will work for you.. Someone would end up ripping me for my suggestion.


While I don't have a familiarity with setting up SonicWall products, I've heard almost nothing but praise for them, especially from my friend who helps me out with the PIX implementations.

It's sort of a funny story for me though. I had a client who knows a little.. enough to be dangerous. He went out and bought these Linksys end points and only then asked me to set them up. Of course I groaned heavily when I heard "Linksys", but you know they really work pretty nice and have been solid to boot. That's my own little story :D


Not to mention Cisco's PIX is only a filtering firewall, there is no higher layer filter built in.

For the cost, I would recommend Checkpoint or ISA Server 2004 but it is something that may be discussed (PIX has its advantages, ISA or Checkpoint have theirs).

Another solution could be BSD (best one if you ask me is OpenBSD but FreeBSD isn't that bad, never tried NetBSD) or (argh !) Linux, cheaper (well, free actually) but no support.

If cost isn't your main concern and if you only use Microsoft products, go with ISA Server 2004, it is a very very very good Proxy / Firewall (ppl stating the opposite never even tried it, I used to be a Checkpoint / Borderware fan, I am now an ISA fan).
