[VPN] Recommendations

Paul R. Yaskowski paul at yaskowski.com
Fri Apr 9 11:28:28 EDT 2004


The PPPoE is for authenticating the DSL.

I've considered SmoothWall, but I don't plan on being here too long, and I'd
hate to leave them with something no one else knows about. If you need Cisco
help, you can get Cisco help.

A $90K AS/400 and a $400/month leased line between offices less than a half
mile apart that should be merged. They're about broke now.

Paul

-----Original Message-----
From: Siddhartha Jain [mailto:losttoy2000 at yahoo.co.uk] 
Sent: Friday, April 09, 2004 3:23 AM
To: Paul R. Yaskowski; vpn at lists.shmoo.com
Subject: Re: [VPN] Recommendations

> I've looked at the PIX-501, but I've always been a
> little scared of per-user
> licensing. If I purchased a 10-user PIX-501, and set
> it behind the SDSL at
> the main office, it would only allow 10 users to get
> Internet access?

Yes, it will only allow 10 IP addresses to pass out to
the internet. Maybe, you could setup a web proxy (if
its only web access that your users want) and then NAT
it to go out. That way you can do with a 10-user
license.

> 
> No matter what product I choose, would a
> site-to-site VPN work with a static
> address on one side and a dynamic on the other?

Yes, you can do this. Look at:
http://cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_exa
mple09186a0080094680.shtml

> 
> Would any PIX handle PPPoE with a dynamically
> assigned IP?

Why do you want to do PPPoE? Do IPSec.

> The company is cost-conscious, and I've looked at
> the PIX-506E, without the
> per-user licensing, but it is 50% more.

Your management bought an AS/400 but can't afford a
PIX 506E?? :)

> 
> Any comments or suggestions as to which products I
> should look at would be a
> great boon to me. I prefer Cisco products, because I
> am familiar with their
> interface, but am flexible.
> 

Look at Sonicwall and NetScreen. Both pack in more
features that Cisco PIX, both have pretty good web
GUIs and simpler configuration.

A tip on PIX: If you plan on using its Web GUI, then
configure it from scratch using the GUI. If you
configure it from CLI during installation and later
try to switch to the GUI, you may run into trouble.

HTH,

Siddhartha



	
	
		
____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html




More information about the VPN mailing list