Small Business Hardware VPN / Router (s)

[partner1220]

Hello,

I'm looking to deploy a hardware VPN appliance at a site for occasional remote users (under 5). There is also a remote site with 2 users that need to be able to connect to the main site. I'm hoping to configure another hardware appliance at the remote site and set up a site-to-site VPN to the main site.

Ideally, hardware would be under $500 total for both. I know this probably isn't likely at this price point, but I'd like to have it integrate with Active Directory so they don't require yet another unsync'd password.

I'm looking for hardware recommendations for both sides. I'm considering the Linksys RV series, but wasn't sure what other options were out there. Can anyone make some recommendations?

Thanks!

 

[msabo]

Have a look at the Cisco ASA5505. Not sure what your pricing would be however.

 

[msabo]

Looks like NewEgg does carry the Cisco ASA5505 - it's $358. Its a bit above your target, but this is the one I would go with.

The NetGear FVX538 is a little less.

 

[YeOldeStonecat]

The Linksys/Cisco RV0 series is good.
They have a built in PPTP VPN server which is rock solid. Only drawback, is it will only allow up to 5x PPTP VPN users.

The site to site IPSec VPN tunnel is pretty good.

Their built in IPSec "QuickVPN" client for "road warriors" leaves a bit to be desired...last time I used it. They've upgraded that a few times now, it may have gotten solid. They can take up to 50x of these clients.

Otherwise...a fine, solid, fast router, stable, and able to handle heavy loads.

I have many many of them out in service with my clients.

 

[k1pp3r]

Looks like NewEgg does carry the Cisco ASA5505 - it's $358. Its a bit above your target, but this is the one I would go with.

The NetGear FVX538 is a little less.

Please note that the mentioned model of ASA above will only allow 10 devices behind the firewall.

Will also allow 10 concurrent VPN users

I like the asa's they are solid devices

 

[YeOldeStonecat]

Another consideration..which can meet your desire to have AD integration..yet still keep it within your budget...
A UTM distro called "Untangle"
Install on your own hardware.

 

[xphil3]

Please note that the mentioned model of ASA above will only allow 10 devices behind the firewall.

dude, what? Where did you hear that from? I can assure you that you can have more than 10 devices behind the ASA5505.. Maybe you're confusing it with the 10K concurrent session limit?

 

[k1pp3r]

dude, what? Where did you hear that from? I can assure you that you can have more than 10 devices behind the ASA5505.. Maybe you're confusing it with the 10K concurrent session limit?

Its how the Cisco licensing works, you have 3 basic ASA bundles


ASA5505-BUN-K9 - 10 User Bundle
ASA5505-50-BUN-K9 - 50 user bundle
ASA5505-UL-BUN-K9 - unlimited user bundle

Then you have the sec plus and vpn editions.

The 5505 licensing works the following way

the bundle amount refers to internal users, located on the inside network of an ASA 5505, that can concurrently access the Internet or other resources through the outside interface of the device.

* This information came direct from my cisco rep

 

[xphil3]

Its how the Cisco licensing works, you have 3 basic ASA bundles


ASA5505-BUN-K9 - 10 User Bundle
ASA5505-50-BUN-K9 - 50 user bundle
ASA5505-UL-BUN-K9 - unlimited user bundle

Then you have the sec plus and vpn editions.

The 5505 licensing works the following way

the bundle amount refers to internal users, located on the inside network of an ASA 5505, that can concurrently access the Internet or other resources through the outside interface of the device.

* This information came direct from my cisco rep

I know exactly how Cisco licensing works. You need to be more accurate with your statements in your original post. Technically 10 IP addresses can only be translated at any given moment(depending on xlate), with the 11th being stuck in a "queue".

Like I said, more than 10 devices can reside behind the the inside interface on the firewall. Depending on setup more than 10 devices can traverse the outside interface. I have personally setup ASA5505's with around 20 users without any kind of problems.

Back to the OP: personally I love the 800 series ISR's.... I say give them a shot. You will lose hardware VPN though(as everything will be processed).... oh well, you wont notice much of a performance difference. I promise

 

[partner1220]

The Linksys/Cisco RV0 series is good.
They have a built in PPTP VPN server which is rock solid. Only drawback, is it will only allow up to 5x PPTP VPN users.

The site to site IPSec VPN tunnel is pretty good.

Their built in IPSec "QuickVPN" client for "road warriors" leaves a bit to be desired...last time I used it. They've upgraded that a few times now, it may have gotten solid. They can take up to 50x of these clients.

Otherwise...a fine, solid, fast router, stable, and able to handle heavy loads.

I have many many of them out in service with my clients.

Would you recommend the RV series at both sites (main and remote)?

Thanks!

 

[MorfiusX]

I use an ASA5505 + Windows VPN Client (Vista x64) + Windows IAS (RADIUS) for authentication. This gives me single sing on with decent encryption that is centrally managed.

 

[YeOldeStonecat]

Would you recommend the RV series at both sites (main and remote)?

Thanks!

If it meets your needs...sure. No AD integration, but that often isn't a show stopper. For the price...it's a great feature and performance set. Hard to beat unless you go with a *nix distro.

 

[partner1220]

If it meets your needs...sure. No AD integration, but that often isn't a show stopper. For the price...it's a great feature and performance set. Hard to beat unless you go with a *nix distro.

Now that I think through it more, there will be very few (if any) remote users outside of the remote site. So there won't really be any passwords to sync.

Thanks all!

 

[marley1]

for 2 users? just get a nice firewall/router at main site, have the remote users connect through pptp, and dont worry bout site to site vpn.

freedom9 freeguard 100 will work for ya, i may be able to do it under your budget =) integrates with AD, or local pptp users.

 

[xphil3]

for 2 users? just get a nice firewall/router at main site, have the remote users connect through pptp, and dont worry bout site to site vpn.

freedom9 freeguard 100 will work for ya, i may be able to do it under your budget =) integrates with AD, or local pptp users.

PPTP is no substitute for IPsec. For this scenario lan to lan ipsec tunnels are the answer, unless you want to go remote access ipsec.

Panther,

http://www.newegg.com/Product/Product.aspx?Item=N82E16833120012

like the others, its a bit over your budget but will suit you perfectly. You can shop around and find them a bit cheaper. Obviously you will get the standard smartnet contract with this so if you're not familiar with setting up VPN, call TAC and they are required to do your entire configuration

A few cons:
Only 4 VLANs can be used
No hardware encryption(VPN) which you would get with the ASA

 

[marley1]

why is it hte answer, from what i read, he wants to 2 users to authenticate with AD and gain access to files.

but again the first post didn't give much of what he wants.

 

[stormy1]

Netopia 4686-XL