Hardware vs. Software VPN

[dibbkd]

I'm new to VPN's, but read that Windows Server 2003 has built-in VPN features.

I'm not too crazy about having Microsoft run my VPN, but has anyone used this, and how do they like it?

What hardware VPN's are good for a small LAN? I'm looking at D-Link, Netgear, Linksys, etc.

Any suggestions?

Thanks

 

[GeorgeOu]

For this kind of stuff, I'd get my self a support contract with Cisco. Since you're talking about the PIX501, a support contract should be around $100 a year. Believe me, I've gotten more than my money's worth in Cisco support for these kinds of problems.

The support from Cisco on devices like these is the same as the support you get on high-end devices. Nokia CheckPoint on the other hand charges way more for just hardware and licensing maintenance.



George Ou
Network Systems Architect

Get more powerful articles and tools from my webpage

http://www.lanarchitect.net

 

[bytehd]

Will do.
Smartnet is about $75 from PCConnection for 10 user 501.

What kind of support do I get?
Just a CCO account for downloads?
What about TAC incidents?

Thanks George

http://www.insyncva.com

 

[GeorgeOu]

Yes you can use TAC. What has always impressed me about Cisco support is that they'll bend over backwards to support these odd types of problems for a $75/year support license. We use to pay Nokia and CheckPoint $13K a year and they won't even give telephone support without upgrading the support contract. They didn't even meet their delivery schedule for bad hardware.

You can't go wrong with that $75 PIX501 support license. They'll dedicate a CCIE to the problem for months if they have to until the problem is solved. It's particular deal is even better than the $250 Microsoft incident support packages. They'll even poll you to check to see if you were satisfied with the support. This is all from personal experience.



George Ou
Network Systems Architect

Get more powerful articles and tools from my webpage

http://www.lanarchitect.net

 

[bytehd]

Very cool.
Rep is everything to them and me.
GE consulting told me to get a smartnet too.

Thanks again.

Perhaps Ill just Email you direct.

FYI:
This same client of mine is also an endpoint for another
VPN. The other end is paying for both ends.
They got the service thru Verizon, Tampa.
They are using Nortel Contivity 1010s.
Get this: verizon sent my client TWO routers.
The other guy is paying $5000 a year to Verizon for this.

I could do the same with $200 of Linksys.
Guess what this $5000 buys:
remote access to a drive letter for quickbooks!
Thats All!

I should take a page out of these ILECs playbook and overcharge like this.

sheesh.

http://www.insyncva.com

 

[ITboywonder]

just curios george,

why would you recommend using a FWIOS over using a pix?

What IOS would you need for this on say a 2600?

 

[GeorgeOu]

FWIOS is much more powerful. Here are a list of things of the top of my head that FWIOS can do that PIX cannot.

* Policy based routing
* BGP (for advanced failover routing)
* ISDN and T1 termination
* QoS outside and inside an IPSEC tunnel (if you want to transmit things like VoIP and Video)

It's more expensive than a small PIX box, but there are no licensing restrictions on a router. On a 2600, just get the IOS with Firewall, IDS, and IPSEC feature set.

It really depends on your needs.

I'm seriously considering using the NetScreen 5GT or Fortinet boxes for the smaller offices because of their integrated Virus scanning capability on HTTP and FTP. They cost slightly more than a PIX 501 for less than $600. Sure I can build a dedicated transparent proxy server with gateway anti-virus, but the licensing alone will cost more than the 5GT. Sure it can handle a thousand users, but the massive throughput doesn't do me any good if I have fewer than 10 users in a small remote office. Cisco better wake up or else they'll find their market share shrinking soon, and I say this as a huge proponent of Cisco networking gear.



George Ou
Network Systems Architect

Get more powerful articles and tools from my webpage

http://www.lanarchitect.net