VPN Router?

[blkdragon201]

Hi everyone I currently am in a small business setting with about 10 computers hooked up to a simple wireless router. I also have a NAS hooked up to the LAN. I want to have the NAS freely accessible to all employees when they are out of the LAN.
The problem is that the NAS only supports FTP and no form of secure FTP.
I would like to get a router with VPN built into it to simplify things.
Most routers i've looked at has 16 ports which is good because most computers are hooked up through ethernet, but doesn't support wireless connectivity, so is it possible to just use my old wireless router as an Access point to let some laptops connect wirelessly?

So do you think getting a VPN supported router will be the best solution to remotely accessing data on the NAS? or is there a better way to accessing the data?
Also any suggestions on which router would be best?

Need help please. thanks!

 

[blkdragon201]

no VPN services, i just want to know if my solution will work?
I want a VPN router and which one would do the job?

 

[Brian_tii]

Depends on how many clients you want connected at a time. My brother in law just sent me over the specs for this one that they are considering and based on spec's alone it seemed fairly good especially for the price, but you'd still have to purchase the SafeNet VPN clients if you wanted to use a client based solution.

http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/SRX5308.aspx

Personally I use / like the Cisco ASA's for VPN, as they've got a really nice client based SSLVPN solution that works really well, however it's fairly complex to setup, and would cost you a bit more $$$.

Regarding your plan / idea... yes it will work. You will need to verify if your current router / firewall has the ability to do a "Bridged mode" or "Access Point only" type of mode. (Check out the owners manual / search) If it doesn't you may still be able to make it do it by flashing a custom firmware like dd-wrt (www.dd-wrt.com) Worst case you can buy a "Access Point Only" type of device, or any of the Apple Airport series will support this mode as well. (Yes, I know Apple is more expensive and there are PLENTY of other options, just saying I know it supports it)

 

[blkdragon201]

I'll have about 3-4 users connected at a time at most.
So I don't need something too expensive.
The router you showed me is quad WAN which I dont think i'll need since i only currently have 1 internet line.
Sorry i'm not that great at networking what is the Safenet VPN clients? is it additional software I'd have to purchase along with the router to get a VPN connection going?
I was looking at http://www.tigerdirect.com/applications/searchtools/item-details.asp?EdpNo=1533875&pagenumber=1&RSort=1&csid=ITD&recordsPerPage=5&body=#ReviewStart
It uses a client called QuickVPN, although many people say its not that great, it gets the job done. I was wondering if something like this would suffice for such a small # of users using hte router. And would i still need to pay for additional clients??
Thanks alot for your help, I've been asking around in various forums for a few days now and you've been the only helpful answer haha

Keep in mind I have minimal networking knowledge so the simplest solution would be best.

 

[Brian_tii]

Essentially the main topic that you'll need to decide is what type of VPN do you want to use? The 2 "main categories" that I'd say you need to consider are the following:

IPSEC - These are the most common and the type you typically see in most corporate environments and used for site to site VPN's. They have the advantage of performance and are considered very secure when configured properly, however there TONS of different configuration combinations which can make the configuration extremely confusing. Most of the entry level / consumer level products try to attempt to make this easier by either providing a specialized IPSEC client (allows you to connect, this is what QuickVPN and SafeNet are), by limiting your options, or a combination of both. The "end user experience" is typically that the user opens a program or a connection profile on their computer which connects them to the VPN and they get access to the remote resources.

Pros - Security, flexibility, industry standard
Cons- Can be difficult and confusing to configure, may have trouble connecting through some firewalls / routers that use NAT.


SSLVPN - This is a VPN solution that is essentially provided over a web page, either by using a web page with code built in that allows you to communicate to the remote network using that code, or by sometimes delivering access to the remote resources via the custom web page. The nice thing with this, is that it doesn't require you to install and configure software on the remote machines and because it typically uses tcp port 443 it is rare that you have a problem connecting. End user experience is that they browse to an IP address / URL and log in using their credentials to gain access. Some solutions have a client that can be installed which prevents the users from needing to browse to a web page to bring up the VPN. Web page based is called "clientless", and conversely the local program type ones are called "client sslvpn".

Pros - Ease of deployment, has less connection problems when going through firewalls

Cons- Not always a "complete" solution (depends on vendor), and typically has a bigger performance / overhead hit than IPSEC so performance isn't as good in most cases


Personally I prefer SSLVPN's because they tend to get through firewalls easier and don't tend to have as much to configure. I have however used the QuickVPN client with the Cisco / Linksys RVS4000 and can assure it is EASY to configure... however... I also did have problems with it getting it to connect through my Cisco ASA, but it did connect ok through your "average home linksys" type of product. Overall it worked, but was slow to connect and I wasn't terribly impressed especially compared to how well the Cisco enterprise IPSEC VPN client works. (Connects fast, and manages to connect through the same Cisco ASA just fine.... go figure) Overall I'd give the QuickVPN a "C+ or B-"

The first VPN router you sent over included one of the IPSEC based "SafeNet" client licenses, if you wanted more than one user to connect using it, you would legally need to buy additional licenses, or use a free IPSEC client (maybe look up ShrewSoft)... Windows includes an IPSEC client, however most people find it difficult if not impossible to configure it properly.

Another cheaper option to look at is the Cisco RVL200, it's an SSLVPN based solution. I haven't used it but based on the below review it looks like it may hold some promise:

http://www.smallnetbuilder.com/content/view/30237/51/

 

[blkdragon201]

Thanks for your quick reply
So SSLVPN is what you suggest?
Just getting this out of the way to explain my situation clearer. I am not doing a Site-to-site VPN. I'm just having a VPN router in the office and hoping to be able to access the storage drives on the network (NAS) from a remote location (home) using VPN.
So the router you showed me with SSLVPN techology instead of IPSec is gonna help me do that?
Thanks again you've been so helpful.

 

[Brian_tii]

Yeah, given what you're trying to do... I'd probably try the RVL200, just make sure you buy it from somewhere with a good return policy if you don't like it... it supports all the current versions of Windows and Mac OS with it's SSL VPN, is one of the least expensive options, and most reviews are talking about it being easy to configure the SSLVPN. Again, I can't say that I've used it, just going off of what I'm reading on it. If you do go with it, make SURE you upgrade the firmware on it as soon as you get it, as it looks like they've fixed a ton of bugs and added Windows 7 support with their more recent releases.

Firmware (You'll need to sign up @ Cisco to download it, but doesn't require a PO # THANKFULLY....):

http://www.cisco.com/en/US/products/ps9927/index.html

The other "easy" option is the Cisco / Linksys ones with the QuickVPN, which I have used (RVS4000)... very easy to setup, but may not always be as easy to get connected due to NAT and IPSEC not always playing nice. Most people reviewing the QuickVPN seemed to have reasonably good luck with it though, so your mileage may vary.

I would stay away from any of them that require you to go through a full client configuration like the NetGear with the SafeNet client. Those will have a lot of settings that have to be "perfect" for it work.

 

[blkdragon201]

Best answer selected by blkdragon201.