Archived from groups: comp.dcom.vpn (
More info?)
anto_123@yahoo.com wrote:
> I need to allow remote users to access a central server.
> I currently have a seperate firewall and DSL router. And a windows 2000
> server.
>
> currently the set up looks like this
>
> internet---router---firewall---switch----PC/servers
>
> would a VPN firewall affect the router in any way or is the router
> insignificant in such a set up, also would to router or the firewall
> handle the Network Address Transalation(NAT)
>
> Could someone please give me some advice?
> Also what VPN firewall would you suggest for about 10 remote users
> cost not really a major issue
>
> thanks in advance
>
Generally most VPN hardware devices act as both a VPN access point and
your VPN router/firewall. You can however leave your existing
connections in place a put a VPN server in parallel with the existing
equipment if there is a compelling reason to do so.
If the ADSL Router you listed is also your modem you may need to pay
attention to how it is setup. If this is just a plain bridge modem then
you will have no problem. If it is actually providing NAT based routing
then you may need to reconfigure it to turn off the NAT features.
For hardware I would consider a Nortel VPN Router 1010. If you desire
something cheaper then a Netopia 3386-ENT makes a very inexpensive
solution for small networks though I would not want all 10 of your
remote users to be connected at the same time with this device. There
are some other good hardware choices but I don't have personal
experience using them. The Netopia gives lots of bang for the buck for
small networks but has fewer features than the Nortel VPN routers. Both
devices can support PPTP for simple client setups or full IPSec for more
advanced needs. The Nortel contivity can actually support advanced
things like digital certificate based authentication or authentication
against a remote LDAP server for integration with a company wide
directory service like a Novell or Microsoft Directory server. It
wouldn't be a bad idea to hire a good networking security consultant to
set this up and manage it for you too.
Keep in mind that the higher end devices are a bit more expensive then
they seem initially because you usually have to purchase some form of
support contract in order to download software updates. Most low end
devices include free software updates that are available on the public
portion of the manufacturers website.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
Facebook
Twitter
Instagram