Need VPN suggestions please.

Status
Not open for further replies.

crabjoe

Technical User
Dec 4, 2003
US
I need a little help in finding a VPN solution for a friend's workplace.

Currently they have 2 NT4 servers running databases, HTTP, Email with 8 workstations behind it. One of the servers is their domain controller and also handles DHCP. They have a remote office with 4 workstations. Their workstations are a mix of NT4, 2000 Pro and XP Pro. They also have a VPN setup which they want to replace.

Their current VPN setup is site to site using Netscreen. Netscreen in their remote office is set up for DHCP as they only have 1 IP address from their ISP. Also, Netscreen is slow as dirt, drops connections and when transferring large files it drops connections and doesn't pass NETBIOS.

They have their ISP managing the setup but it's new to them also so the support is just plain bad. So bad that they asked me if I could help.

I set up a remote connection from home to their VPN and when I had problems accessing any resources, their ISP told me that they couldn't help as I can make a connection to the Netscreen VPN. That might be fine, but I have no idea on how they configured Netscreen. When I asked them for the configuration, they were clueless.

Eventually I was able to map a drive, but it took forever. So I wanted to see what kind of speed I was getting with this connection. I have a 768K SDSL and the office has a Full T1. To my surprise, the connections just sucked! I was getting a slow dialup speed of 33.6k! Well this led me to look for a new solution for them.

They want to be able to browse the network in their network neighborhood without having to worry about setting up a host file or WINS as they do not have any IT support. So can anyone make a suggestion on a different low cost VPN setup?

I was looking at Netgear FVM318 for their remote office and the FVL328 for the main office, but I don't know if it will pass NetBIOS for them to browse their network. Also, from the posts I've seen here, it may be a little too much to talk them through a setup in their remote office. Now if you feel Netgear is a viable solution, please let me know. If you have any other suggestions, it's welcome also as I am clueless on setting up a VPN.

TIA.
 
Surprising to hear of problems w/ Netscreen. I have a client that has a spoke-hub VPN config w/ 4 sites and they have never had a problem. All sites have a T1 and are running the latest ScreenOS.

If you're set on an alternative (and the client has the $$) you should look into Cisco - a little on the high end but reliability has been great IMHO.



Michael Law - MCSE, CCNA, SCSA, MCIW
Qualatech Computer Consulting, LLC
 
I think the problem is more to do with management of the Netscreen than what Netscreen is capable of. I called Netscreen about being able to browse the network using Network Neighborhood without a host file and was told it would work fine as long as Netscreen is configured properly.

Assuming Netscreen works as Netscreen says, there shouldn't be a problem with it dropping the connection, slow speed and should be able to browse. Well, these people that are supposed to be managing it seem clueless so there's nothing the company can do with it to work properly. They won't even do a Firmware upgrade.

So if anyone has a suggestion for a Site to Site VPN setup that allows browsing via Network Neighborhood and can be configured easily, please let me know.
 
BTW, I should have said a low cost solution.
 
I have just set up a VPN with 2 Netgear FVS318s and it worked a treat, it says that it will pass NetBIOS and therefore allow network neighbourhood browsing. I've not seen this in action yet as I set it up as a test for a client, the manual says it will do it though.

Paul
 

Using two FVS318 to create LAN-to-LAN VPNs works a treat and is pretty easy to set up. I got it working pretty quickly and it was my first foray into the world of VPNs.

One thing I would suggest is to make sure that the firmware on both FVS318s is the same and up to date, just because updating (which I need to do) looks like a real pain in the arse, you have to completely reconfigure.
Make sure that you have a static IP address on the external interface on either end of the VPN and the internal subnets also have to be different I seem to remember.

Other than that it's pretty simple and works really well. (Creating a Client-to-LAN however is a little more tricky and that's what I am looking for a solution for. The safenet works for one client but not another, with the same config.)

Cheers
 
Dellboy,

Have you looked into deploying Windows RAS? It doesn't get any easier for a Client-LAN setup.

Best,

Michael Law - MCSE, CCNA, SCSA, MCIW
Qualatech Computer Consulting, LLC
 
Thanks everyone!!

I have been going back and forth between the Netgear and Dlink VPN boxes and as of today, I found that Dlink will not work for me as they either will not pass NETBIOS or will not allow a Client to Appliance connection. What a shame as the cost was lower and their boxes passed L2TP, PPTP and IPsec. In addition their 824VUP has 802.11g wireless.

So I'm back to looking at Netgear and have come across the FVM318. 70 WAN and 32 WLAN VPN tunnels and acts as an endpoint for Client/Server. Now I just have to make sure it passes NETBIOS..

Wish me luck everyone....



 
You know, any device that is supposed to pass IP protocol, or at least TCP and UDP packets, should pass NETBIOS just fine...current Windows products use Netbios over TCP anyway. There's no reason it shouldn't work...regardless of vendor.
 
Passing NETBIOS is not really the issue. Passing broadcast traffic is.

NETBIOS name resolution relies upon broadcast traffic. TCP/IP broadcasts are not technically supposed to cross subnets, so a router that doesn't forward those is technically operating correctly. Routers that 'pass NETBIOS' actually forward broadcasts across subnets for NETBIOS traffic, which is not technically correct, but has been adopted to facilitate use of a SMB network across subnets.
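
The broadcast behaviour described in the post above, as an added example that is not part of the original thread: a Python sketch that builds a NetBIOS name query with the broadcast flag set (RFC 1001/1002 format) and checks which hosts the sender's subnet broadcast can reach. The subnets, the name FILESRV and the host addresses are constructed sample values.

```python
import ipaddress
import struct

NBNS_PORT = 137     # UDP port of the NetBIOS name service
FLAG_RD = 0x0100    # recursion desired
FLAG_B = 0x0010     # broadcast flag: query goes to the local subnet broadcast


def encode_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: pad to 15 chars, append suffix, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    out = bytearray()
    for b in raw:
        out.append(0x41 + (b >> 4))      # high nibble -> 'A'..'P'
        out.append(0x41 + (b & 0x0F))    # low nibble  -> 'A'..'P'
    return bytes([len(out)]) + bytes(out) + b"\x00"


def build_broadcast_query(name: str, txid: int = 0x1234) -> bytes:
    """Name query request: 12-byte header plus one question (type NB, class IN)."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD | FLAG_B, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 0x0020, 0x0001)


def is_broadcast_query(packet: bytes) -> bool:
    """True for a name query request (opcode 0) that has the B flag set."""
    _, flags, qdcount = struct.unpack(">HHH", packet[:6])
    is_request = (flags & 0x8000) == 0
    opcode = (flags >> 11) & 0xF
    return is_request and opcode == 0 and bool(flags & FLAG_B) and qdcount == 1


def reaches(sender_net: str, target_ip: str) -> bool:
    """A subnet broadcast is delivered only to hosts inside the sender's subnet."""
    return ipaddress.ip_address(target_ip) in ipaddress.ip_network(sender_net)


# Constructed sample: the two office LANs sit on different subnets.
MAIN_LAN, REMOTE_LAN = "192.168.0.0/24", "192.168.1.0/24"
query = build_broadcast_query("FILESRV")                      # hypothetical server name
dest = ipaddress.ip_network(REMOTE_LAN).broadcast_address     # where a remote PC sends it

if __name__ == "__main__":
    print(f"{len(query)}-byte query -> {dest}:{NBNS_PORT}, "
          f"broadcast={is_broadcast_query(query)}")
    # The main-office server never sees the query unless a device forwards it.
    print("reaches 192.168.0.10:", reaches(REMOTE_LAN, "192.168.0.10"))
```

Because the query is addressed to the remote LAN's own broadcast address, the server on the main LAN only answers if the VPN device relays it or a WINS server or hosts file supplies the name instead.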
 
Crabjoe

My 2 FVS318s let me browse network neighbourhood fine. They seem like really good bits of kit for the price.
 
I went ahead and ordered the FVM318 as it does pass Netbios. From the quick look at the manual, it looks to be the same as the FVS318 but has wireless and supports more VPN connections. I'm expecting it here on Monday so I'm hoping to give it a try Tuesday.

Thanks for all the help everyone!!
 