[vpn] vpn advantages over a wan
Ryan Malayter
rmalayter at bai.org
Tue Feb 5 19:22:12 EST 2002
At one end, we used a Nokia IP-series appliance with Firewall-1/VPN-1
software from Checkpoint. At the other end, we used a much cheaper,
easier-to-use, but less flexible SonicWall Pro-VX device. We got an IPsec
tunnel up between the two in an hour or so using shared secrets.
Both devices include triple-DES encryption coprocessors, and we actually
seems to get the full throughput that the 6 Mbps bottleneck connection we
have at one site can offer. A late-night bidirectional FTP between the two
sites runs consistently at more than 90% of wire speed. The encryption
coprocessors are probably not even necessary at our current line speeds, but
they were included in the firewall models we wanted. The Firewall/VPN
devices can supposedly handle more than 45 Mbps of encrypted traffic, so if
we have to go T3 someday or add more sites, I guess we're covered.
We also had an esoteric problem with a Tiara router that caused us some VPN
problems, but Qwest fixed it as soon as they could, even flying in a Tiara
tech from points west to make it happen. And as I mentioned previously,
we've had four-nines uptime ever since. Our SLA with Qwest guarantees
throughput, latency, and uptime on their network, so our VPN is covered by
that agreement.
It's expensive compared with a do-it-yourself VPN using cheaper ISPs and the
general internet, but we have someone to get right on top of any problems,
and we get money back when the service level agreement is broken. And it's
still cheaper than any point-to-point fractional T3 option we looked at.
-ryan-
-----Original Message-----
From: Steve Cundall [mailto:
Sent: Tuesday, February 05, 2002 4:34 PM
To: Ryan Malayter; 'vpn at securityfocus.com'
Subject: RE: [vpn] vpn advantages over a wan
What hardware solution did you use to accomplish the routing and tunneling?
Regards,
-----Original Message-----
From: Ryan Malayter [mailto:rmalayter at bai.org]
Sent: Tuesday, February 05, 2002 9:49 AM
To: 'vpn at securityfocus.com'
Cc: 'Vinh Mac'
Subject: RE: [vpn] vpn advantages over a wan
Cost is the primary advantage. You're going to pay for some form of internet
connection at both locations anyway, so why not use it to connect both
offices? VPNs are cheap and easy to set up compared with private WAN
offerings, and are more secure if implemented properly.
The primary downside is that VPNs is that they are less reliable, since they
are dependent upon internet traffic conditions. However, some tier-1 ISPs
will give your internet access at both ends, and guarantee you a performance
and uptime level between locations since the whole thing travels on their
backbone. We have such a relationship with Qwest, and performance has been
outstanding. After some initial problems caused mostly on a buggy piece of
routing hardware, uptime has also been >99.999%.
-----Original Message-----
From: Vinh Mac [mailto:vinhis at hotmail.com]
Sent: Tuesday, February 05, 2002 10:37 AM
To: vpn at securityfocus.com
Subject: [vpn] vpn advantages over a wan
hi, i would like to pose a question to the vpn afficiandos here...what are
the main advantages when you implement a VPN over a WAN connection, frame or
dsl, to a local office site?
they are secure, both instances, as it goes through a partner connection and
not "ouside" of the company enterprise network. I don't see the
advantages....can you fill me in?
thanks.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
VPN is sponsored by SecurityFocus.com
VPN is sponsored by SecurityFocus.com
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list