Re: Turn-Key Installation Question: SBS 2003 Standard + Hardware VPN



The clients I have found so far that like the SBS setup have been graphic
development and architect firms. Setting up a VPN tunnel is easy under
Linksys, but where I live, as well as the clients I support/service, the best you
can get where we live is business class DSL (running at around 3MB up and
down) w/ Static IP addresses. Since AutoCAD and FlexiDRAW don't work too
well via RWW (tested and tried method), the tunnel setups have been the only
option for just doing a bit of file sharing to the main server to allow
everyone a sort of central repository for the data needs.

But as for the need for security, Linksys isn't the best choice for it. I have
seen demos of Sonicwall, but their equipment just seems so cumbersome just
for simple, secure tunneling needs. A firewall appliance sounds like the
best choice. What do units like these run at -- both for base price and
annual maint needs?

Thanks.

-- Michael


"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.1db39d7e8813989e98a235@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> In article <#YZWmCUzFHA.1256@xxxxxxxxxxxxxxxxxxxx>,
> mwecomputers@xxxxxxxxx says...
> > Though I have done a couple of SBS Standard and Premium installations in the
> > past couple of months, I have several local clients that want to bring
> > e-mail in-house along w/ utilizing the collaboration parts of the SBS OS as
> > well.
> >
> > So far for server hardware, I have found that Dell's PowerEdge SC servers
> > are great for small business locations as it's easy to set up, deploy and
> > remotely administrate. As for the hardware firewall/VPN routers, I am
> > getting a bit of a mixed review between Sonicwall, Symantec, Linksys and
> > D-Link units -- primarily for up-front price, time to set up and ease of
> > deployment.
> >
> > I would like to get feedback on making a turn-key approach for installation
> > of SBS 2003 Standard along with a hardware based VPN router for connecting
> > two or more branch offices to the main office setup. Ease of deployment and
> > time-based setup are the key factors for the turn-key operation.
>
> While we're new to SBS, we have 4 offices now with it and we use the
> Single NIC method with a Firewall Appliance in front of the network that
> is not just a simple NAT router. The Firewalls we use provide PPTP end-
> point connection ability as well as branch office (site to site) IPSec
> tunnel ability. They also filter HTTP and SMTP (if you use those rules)
> via the internal proxy that lets you remove bad things from both HTTP
> and SMTP sessions (providing a LOT of protection for your
> network/users).
>
> If you go the Single NIC route, with a real appliance, then it's simple
> to IPSec tunnel to other offices in the company and you don't have to
> mess with ISA or the Dual Nic issues.
>
> I would not suggest something as cheap/simple as your routers - while
> they can work, they are NOT firewalls and do not provide anywhere near
> the protection of a true firewall device.
>
> If you want something that works as a quality VPN/IPSec end-point
> between offices, you need to look into VPN routers or firewalls that
> offer Branch-Office IPSec tunnels - and you are going to want a Static
> IP on each end.
>
> If you think you're going to share files over a DSL connection over a
> VPN between offices, well, think dial-up when it comes to performance.
> You would be better off doing Remote Desktop over VPN than doing file
> sharing - even our 4mbps/2mbps business class cable modem service is
> slow when it comes to logging in users with roaming profiles, or when
> they open documents on network shares outside their own offices - it
> does work, it's just slow. We've actually moved to Terminal Services and
> Remote Desktop for those types of situations.
>
> If all you want is email/exchange, VPN tunnels work great no matter the
> speed (as long as you have 1mbps...).
>
>
>
> --
>
> spam999free@xxxxxxxxxx
> remove 999 in order to email me

