[VPN] Linksys BEFVP41

Pete Jacob pjacob at ftmc.com
Mon Apr 28 15:13:35 EDT 2003 

On Mon, 2003-04-28 at 05:57, Justin Pember wrote:

> Any input regarding this situation would be greatly appreciated. J
> 
>  
> 
> I have two sites, one with a DSL connection with a static IP address,
> the other with a microwave connection also with a static public IP. A
> VPN needs to be set up to provide LAN to LAN communication between the
> sites, as well as allow several remote users to connect to one of the
> LAN’s via a VPN.
> Would the Linksys BEFVP41 be suitable for this situation with the
> following considerations?

the BEFVP41 can not be the endpoint of a IpSec tunnel... it is a
client-less  VPN start point...



> 1) A server on the LAN that is on the microwave connection needs to
> provide web and mail services to the internet. Is it easy to setup
> port forwarding to the server so it can still provide these public
> services from inside the private network with the BEFVP41? The site
> only has the single public IP address.

Unless you have very high budget restraints.. I would not use a the
BEFVP41 for something like that... it is very inexpensive, but is very
low end... there is no way to actually save your configuration...
Linksys support is not real good... if you have a problem, the suggest
fix is to press the re-set button and start over.


> 2) Several more sites will eventually be added that will also need a
> LAN to LAN connection. The BEFVP41 is capable of 70 VPN tunnels, but
> can it do multiple end to end type tunnels between LAN’s and route any
> internal traffic to any other point on one of the other LAN’s?


not really, you need a higher end router/firewall/vpn server at your
main site... 
I suggest looking at some of the Netscreen products...


> 3) The BEFVP41 is advertised for cable or DSL connections. Will there
> be any problems using it on the microwave connection at one of the
> sites? The microwave connection is a reliable connection to the
> internet and uses a standard Ethernet connection.


no, I use it for this as well for some Breezecom DS.11 units... I
believe the port is just a 10 meg port.

>  4) Does the BEFVP41 only provide a NAT firewall or does it also
> provide an SPI firewall like the similar BEFSX41?

no, it is a very basic firewall, and some of the documentation says that
you should even run something like zone alarm as well... (yuck)
if your getting hacked there is no screen, or output that will let you
know of any attempted hacks or port scans or anything.

> 5) Is this model easy to setup with multiple VPN tunnels connecting
> the LAN’s together, and is it able to reliably re-establish any
> dropped connections without assistance.

I have 7 remote offices using BEFVP41's that connect into a Netscreen
appliance, over a 802.11b wireless network... it works pretty well...
sometimes if you connect to the WAN interface for configuration the
BEFVP41's lookup, and we have to physically power them off...
the DHCP in the units don't work well... I would invest higher on the
head end, and lower on the client site... (just my option)
you can get some Netscreen devices, pretty reasonable with support... I
would say that they are way above a Linksys, d-link, or kmart brand,
without getting into something like a Cisco pix.


> Thanks in advance for any help!



Pete Jacob
Fisher-Titus Medical Center

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20030428/f0af76af/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 309575.gif
Type: image/gif
Size: 4747 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20030428/f0af76af/attachment.gif

More information about the VPN mailing list