Jon Carnes jonc at haht.com
Thu Nov 18 19:29:45 EST 1999


Amazingly enough, I would recommend you use the MS PPTP.  Since you are
already using MS on the client side and probably on the corporate side, the
cost is free.  The security is only moderate, but probably enough for what
you want.  (if someone wants your data, they are more likely to get it via
social engineering than by intercepting and decoding your data streams...)

If you go with the MS VPN solution, then the MS box will have to sit
parallel to a Masquerading Firewall, but can run from behind a Routing
Firewall (router to a valid Class C which regulates routed traffic).  A
decent P3-450 with 256Mb of Ram running NT4.0 with Service Pack 5 applied
will handle the load you specified, and is fairly secure.  SP5 fixes most of
the security problems that the MS VPN was prone to.

The beauty of the MS solution is that it is fully integrated with your NT
Domain (that is if you are using an NT Domain - otherwise you add individual
accounts on the MS box).  It's also very simple to set up on the clients.

As to a Firewall, I always recommend Linux on an ordinary PC running either
ipfwadm or ipchains (depending on which version of Linux you are running).
The cost is the cost of the box, and that is normally a low-end box that is
floated down via an upgrade to a Corporate end-user.  If you don't know
Linux, you may be able to find a local users group that will build the box
for you for free and then train you on firewall setup.  There are some very
simple how-to's for basic firewall configuration.  In my area (Raleigh NC)
there are several fine Linux users groups which gladly lend a hand to folks
getting started in Linux.

Hope this helps,

Jon Carnes
MIS - HAHT Software

----- Original Message -----
From: <Angelo.Speranza at crescendo-tech.com>
To: <vpn at listserv.secnetgroup.com>
Sent: Tuesday, November 16, 1999 4:03 PM


> Hello Everyone,
> I would like to get your thoughts/recommendation on which VPN solution and
> firewall could best fit my environment.
>
> I was tasked to deploy a VPN and firewall solution. I have outlined the
> requirements (I hope I got all of them).
> There are approximately 20 to 25 users, working out of home. I would like to
> deploy a VPN and firewall to support these users. The data that the users
> will be accessing is work order info, graphics, e-mail, office documents
> and pricing info. The operating system is NT and the protocol in use
> TCP/IP, e-mail is outlook.
> The users will be establishing a VPN session via dial up or via DSL. Within
> 6-8 months a second office is expected to open, which could double the
> number of users.
> Currently there is a BRI in place connected to an ascend pipeline 75
> router.
> My budget is approx. 10k and security is very important.
>
> My question is:
> - From your experience, do you have any suggestions on what type of VPN and
> firewall solution could best fit these requirements? I would like to have
> a firewall solution that is not incorporated within the VPN. Also, keeping
> in mind scalability and budget.
>
>
> Thank you in advance for your thoughts and recommendations,
>
>
> A.M.S
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/vpn/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************
