Re: site to site VPN - need suggestions on VPN routers and folder synchronization
- From: "Matthew X. Economou" <xenophon+usenet@xxxxxxxxxx>
- Date: 23 May 2007 09:16:26 -0400
As others have mentioned, the Watchguard firewalls are very good.
It's been a while since I've set up site-to-site VPNs with a
Watchguard, but as I recall, you must have static public IP addresses
assigned to each firewall in order to build the IPSEC VPN.
You can build similar infrastructure with Cisco routers and firewalls.
Either the ASA or the PIX should have the features you need. In this
case, you can build GRE tunnels in addition to IPSEC, which would
allow you to tunnel non-IP protocols over the VPN.
If you're into homebrew, check out OpenVPN. It's much easier to set
up compared to IPSEC or GRE, although Watchguard does a pretty good
job of taking the pain out of VPN. I'm running OpenVPN on Linux and
FreeBSD firewalls, with hardware that includes Linksys WRT54G access
points and recycled Nokia servers. The only downside to homebrew is
the lack of dedicated cryptographic hardware, so if you decide to
build instead of buy, make certain your firewalls have strong enough
CPUs to handle the encryption and compression algorithms employed by
your VPN software (whether OpenVPN, IPSEC, etc.)
Best wishes,
Matthew
--
"Rogues are very keen in their profession, and know already much more
than we can teach them respecting their several kinds of roguery."
- A. C. Hobbs in _Locks and Safes_ (1853)
.
- Follow-Ups:
- References:
- Prev by Date: Re: Setup could not configure the default settings for Remote Assistance
- Next by Date: Re: Web surfing
- Previous by thread: Re: site to site VPN - need suggestions on VPN routers and folder sync
- Next by thread: Re: site to site VPN - need suggestions on VPN routers and folder synchronization
- Index(es):
Relevant Pages
|
