Best hardware VPN endpoint for a small office?

[baseband]

The company I work for wants to set up a VPN for remote users to connect to the office LAN. We're running a Windows 2000 domain. There are only about 30-40 hosts on the LAN.

I got the Linksys BEFVP41, but experienced nothing but headaches when trying to get a remote XP client to connect to the LAN. From reading multiple other threads on this forum, I gather that it's a pretty common occurence that router.

So what I'm looking for is a decent IPSec endpoint that works flawlessly with the 2K/XP IPSec client. I'm hoping to spend less than $500 if at all possible and it needs to support about 5-10 simultaneous IPSec client connections. If possible, it should also support PPPoE, but I think most appliances do these days.

Any ideas?

 

[MrMoke]

You really should be able to get this to work with the VP41, but need to use VPN Client software on the remotes, such as SSH Sentinal at

http://www.ssh.com,

to deal with Dynamic IP and client-side firewall issues, as windows isn't very good at it.

It would also be good to have a static IP assignment for the WAN side of the VP41, although there are also ways around this requirement such as using DDNS for FQDN.

Another strong possibility for VPN client software would be Safenet SoftRemote at

http://www.safenet.biz.

If you still can't get it to work, and need a hardware solution, then look to SonicWall at

http://www.sonicwall.com.

These products are very good and priced according to your needs , but they also have recurring/additional charges for special features and upgrades, so be sure you order what you need up front. They also require client-side VPN software to work properly, but have licensed the previously mentioned SafeNet client as a free download if you use one of their products.

 

[baseband]

Thanks for the advice, but my company really doesn't want to spend $130 per remote user for client software. Our users are technical enough that changing the secpol.msc file every time their IP changes shouldn't be a problem. A royal pain, yes. A problem, no. Most of them will be going through dial-up, so there won't be any client-side firewall issues.

I've also seen people on this forum say that the VP41 has trouble with simultaneous connections. That's unacceptable for my business.

 

[baseband]

Also, the PPoE thing isn't a requirement. We're prepared to switch to static IPs if that's what the VPN solution requires.

 

[baseband]

Also, the PPoE thing isn't a requirement. We're prepared to switch to a static IP on our VPN router if that's what the solution requires.

I'm just looking for a way to do this inexpensively. SSH Sentinel costs twice as much as the Linksys VPN router itself! I'd send every user home with a router before I paid money for Sentinel.

 

[MrMoke]

Well, there you go. The simplest solution would be to purchase a SonicWall with 10 or so VPN license, and then download the free client software for your users to install. If you use the VPN Group Policy that's automatically created, then each user gets a floppy to install the client, and a floppy with the GP config to import. No messin' around with Windows.
Boom, your done.

 

[baseband]

That sounds nice on the surface, but once you start adding in all the extras (and with SonicWall everything is an extra!), Sonicwall costs far more than my company is willing to spend. Since we have 30 users that need Internet access, we'd have to get the 50 firewall user license for the SOHO3. $750 isn't completely out of the question, but then I found out that that doesn't even include VPN clients! Add on another $429 for 10 clients and you're up to $1171.

Can anyone suggest a good IPSec VPN endpoint that's made by a company that won't nickel and dime you to death and charge you hundreds of dollars to unlock functionality that the router already has?

 

[EddieVenus]

I think you are missing the free part of the free VPN client they mentioned earlier. You CAN buy sonicwall vpn clients with cool extras like firewall and DDNS, but why bother. You can connect from windows Xp and 2K as well. You can use free VPN client software too, and not pay the $130 a head, or $429, or whatever the cost will be. They want to you use theres, but there is no need to. I have set these up as cheap reliable VPn endpoints for several clients now, and though it is no Checkpoint, it is good enough. It may not be the cheapest, but believe me it will cost more in man hours to deal with cheaper ones, than to just shell out the $750 for the Sonicwall. I have set up BEFVP41 for windows XP and had mixed results, but these were for home users or single remote sales people. No company who wants reliable and managable VPNs would bother with them unless they had no choice. That is just my opinion, so please be kind to me if you disagree. In the mean time Sonicwall is cheap, easy to set up, easy to manage, easy to troubleshoot. It can be standalone, or part of a larger network, it's Total cost of ownership is not high, and the VPNs can be done for free. FREE. Save yourself time and money, get one. Unless you would prefer to spend even more and get a Checkpoint sofaware device. Basically the same specs, maybe a better firewall, maybe. But much much more in the short and long run. you could get a linksys, but then you have the before mentioned headaches, but you save $500+, maybe it is worth it, maybe not. Your call in the end, but you will not find a good IPSec VPN endpoint that's made by a company that won't nickel and dime you to death and charge you hundreds of dollars to unlock functionality that the router already has. They do not exist. Sonicwall comes close. Linksys could be if they had a higher quality product available. And that is my 2 penies worth of information to you. Good luck. Call a consultant if you want a second opinion, but that'll cost ya.

 

[MrMoke]

Thanks Eddie- As a consultant, my normal response to the folks that say their company can't afford something is to ask them how much time(aka:money) they have already spent, and how much more in time(aka:money) they are willing to waste to find something cheap enough.

Typical formula: (WrongProductCost) + (2WeeksTryingtoMakeItWork*(Salary/Hour)) = CorrectProductCost * 5

As far as cost is concerned: Typical SOHO3/50+10VPN=$750US available on many Web Store sites

 

[baseband]

Thanks to both of you. I must have misread SonicWall's site. I think we may go with them.

 

[MrMoke]

Not necessarily misread. To find the deals, you need to Google it. The best deals are usually had by buying what you need up front from an on-line vendor, rather than adding license key updates from SonicWall later.

And now that you've decided, you might also want to look at "Zywall 10 II". It's cheaper, and lot's of people like it. I have no direct experience with the product line, but understand that the user interface, which is more Telnet-ish in nature, is only marginally more difficult to master. The Zywall VPN client software, a discounted version of SSH, is also a seperately priced item on a per user basis.

Uptime on either vendors products is usually measured in months. Your mileage may vary.

Good Luck, and have fun

 

[cragarry]

I am curious about the sonicwall "free" vpn client.I have a soho3/25 and I ahve purchased a couple of clients but htey weren't free. Isthere something I am missing.
Thanks