Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN devices site to site recommendation 3

Status
Not open for further replies.
digiraven

digiraven

MIS
Sep 13, 2003
17
US
Which of the 3 companies do any of you recommend in choosing to set up a site to site vpn from branch to branch.
cisco 501
sonicwall tz170
watchguard v10

I basically have two branches one with 5 users and other with 20 users which has the servers located at. I want to make the branches be seen through the net as if they are part of the same location. Can any of the above devices do that for me? Which model should I choose and where can I find on the net on how to configure them to do this for me? I may add a 3rd branch to the nest please recommend a device to connect two remote branches through site to site vpn. Oh to let you all know this is all through DSL. Thanks
 
Sort by date Sort by votes
I use the Pix 515 and 506 and they work great. The 501 is similar, so it should work similarly.

DSL doesn't matter, your VPN will be as reliable as your connection. Although I strongly suggest getting static IP addresses.

Adding the 3rd branch is fine. With the Cisco you'll just need to create a mesh. For example, Branch 3 can't access Branch 2 via Branch 1.

Lots of info on the net, especially at The Pix also has a pretty intuitive GUI.
 
Upvote 0 Downvote
So with a pix 501 I should do fine with? Im looking at 400 dollars vs paying 900 for the 506. The 501 I can add two to 3 branches with branches static vpns? Ive looked at ciscos web site it doesnt say much about 501 configurations just the 506 and 515
 
Upvote 0 Downvote

From what I've read, the differences between the Pix models relate mainly to capacity- memory, throughput, number of VPN tunnels, that kind of thing.

The 501 can support up to 10 VPN tunnels. I don't recall offhand if that is SA's or peers, but either way it should work based on your number of users and locations.
 
Upvote 0 Downvote
Why not go the cheap route and buy the LinkSys BEFVP41 VPN Concentrator...

There is less managment ability, but IMO makes it a lot more secure. It supports up to 50 tunnels and works like a mint!

Gluck!
Chance~
 
Upvote 0 Downvote
I've used all of these, and would go with the PIX. The watchguards, if i remember right require additional licences for more than one vpn tunnel, we currently have an issue with two sonicwalls dropping vpns between them, although they both have rock solid vpns to a cisco concentrator we manage, so we can only assume that there is an incompatibility between the two sonicwalls (!!). Sonicwall tech have yet to resolve this in just over a month, despite offering a beta firmware. Also, although there are bandwidth management features in the gui for the sonicwall, i've been told by their techies that this feature does not actually work. This feature is also missing on a PIX, but at least cisco don't pretend it exists.

The vpn software on linksys devices is notoriously unstable. The BEFSX41 is a terrible device, randomly reboots and drops tunnels when it does so, then refuses to reconnect. The BEFVP41 may be better. However, it has no firewall capability at all as far as i can tell, it's just a NAT device, so if you get a trojan, or want to limit users from using things like kazaa, i think you're out of luck.

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
Upvote 0 Downvote
Cool thanks guys. It looks like the PIX is the best the bet. I've dealt with sonicwall tech support and let me tell you I can't understand a word they say, the satalite transmission to india is aweful, and they never seem to be on the right page with you. Im sending my sonics back to cdw and ordering the pix 501s and 515.
 
Upvote 0 Downvote
Just to clarify, the BEFVP41 DOES have firewall capability, port forwarding, and a plethora of other nice little features (not to mention a full spread of 50 simultanious connections). I use 2 concentrators to connect VPNs on 2 different domains and have no issues.

Although they may not be as strong, tight, or cute as the others, they do serve their purpose for a tight budget.

Good luck with the network!
Chance~
 
Upvote 0 Downvote
Hello,

I haven't seen Snap Gear mentioned. I haven't had any problems keeping an IPSec tunnel going, or connecting with VPN. Nice router, seems stable.

Jeff
 
Upvote 0 Downvote
Digiraven:

I like to sing the praises of the Zyxel Zywall series
of VPN firewalls.

You get a LOT of functionality for the money, and they
are extremely granular in terms of control.

VPN connectivity is good with Netscreen, Cisco, Sonicwall and many others.

I've setup a vpn with my 10W here and it's rock-solid.


Shplad
 
Upvote 0 Downvote
Cool thanks. I've decided to use pix 501. Im having a little difficulty setting it up though but I think I may manage.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
280
sircles
sircles
teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
451
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
339
GlobeTrekkerGal
GlobeTrekkerGal
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
245
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top