New VPN Installation - MS or Sonicwall?

[dball63]

I need to install a new VPN solution for a very small business. They only have one remote user that needs connectivity. I have some experience setting up VPN using sonicwall tz170 and I'm not sure if I want to go that route again or try something different. I have heard good things about MS server solution?

Business consists of; 1 MS 2003 server w/ 1 internal nic, 1 Netgear rt324 gateway router doing NAT, Already have routable public adresses available to use.

What do you think is good solution for this? I need something cost effective and with little required maintentance if possible.

David
Sacramento, CA

 

[JimPletcher]

I very much prefer keeping VPN traffic away from the server, and out of the PC if at all possible.
I firmly believe in stopping everything at the firewall and using ipSEC.
If you don't want to spend the money for a sonicwall (good firewall), you can pick up a ZyWALL 10W on eBay for around $100. For the other end, a ZyWALL 2 should do.

I have seven clients (plus myself) using ZyWALL hardware with multiple tunnels, and I have no regrets.

 

[TimRegester]

I have a similar scenario I am going the sonicwall route. I am sure a VPN headend needs a dedicated device, I certainly would not use a w2k3 server as it may compromise the efficiency of the box as a hardware server. I looked at various other options but came back to the same solution.

Maintenance is an issue, but I suggest if your client has a good enough business case to justify the expense of a VPN solution then they can probably justify your services on a regular basis to maintain and troubleshoot the solution. My client is expecting the solution to bring in £60k per annum so is happy to spend money on a hardware VPN solution and pay me for regular support.

 

[technome]

For a small number of users (15) I would use a hardware device as the sonicwall. If you have many users, a dedicated fast server would be the way to go. I would keep the VPN setup off a server which is used for other services.
You need to figure in the cost of electric for a server about $500 per year, OS maintenance, hardware failure, virus protection, disaster recovery,tape backup.

Are you going to use Terminal services?

 

[dball63]

Are you going to use Terminal services?

No, No plans to use TS at this time.

I agree with others have said and confirmed my thoughts about keeping these services off of the server if possible.

I think I may go the TZ 170 route again. I can't recall if the TZ170 includes one VPN license or not. Can anyone confirm?

David
Sacramento, CA

 

[technome]

David...

You really must try Terminal services, admin mode which is a freebie for two connections, easy to setup. You can remotely manage or run programs as an administrator. Once you get the VPN up, you can run it through a secure VPN tunnel, very transparent, fantastic tool.

Don't remember about the VPN license, but there is no mention of a freebie, knowing Sonic, they charge for everything. Just searched, the literature is confusing as ever, best to call them directly.

http://www.sonicwall.com/products/tz170.html#datasheet

 

[LloydSev]

I use a PIX firewall for our VPN headend device. Worked wonderfully.

Computer/Network Technician
CCNA