On Mon, 2003-04-28 at 05:57, Justin Pember wrote:
Any input regarding this situation would be greatly appreciated. J
I have two sites, one with a DSL connection with a static IP address, the other with a microwave connection also with a static public IP. A VPN needs to be set up to provide LAN to LAN communication between the sites, as well as allow several remote users to connect to one of the LAN’s via a VPN.
Would the Linksys BEFVP41 be suitable for this situation with the following considerations?
the BEFVP41 can not be the endpoint of a IpSec tunnel... it is a client-less VPN start point...
1) A server on the LAN that is on the microwave connection needs to provide web and mail services to the internet. Is it easy to setup port forwarding to the server so it can still provide these public services from inside the private network with the BEFVP41? The site only has the single public IP address.
Unless you have very high budget restraints.. I would not use a the BEFVP41 for something like that... it is very inexpensive, but is very low end... there is no way to actually save your configuration...
Linksys support is not real good... if you have a problem, the suggest fix is to press the re-set button and start over.
2) Several more sites will eventually be added that will also need a LAN to LAN connection. The BEFVP41 is capable of 70 VPN tunnels, but can it do multiple end to end type tunnels between LAN’s and route any internal traffic to any other point on one of the other LAN’s?
not really, you need a higher end router/firewall/vpn server at your main site...
I suggest looking at some of the Netscreen products...
3) The BEFVP41 is advertised for cable or DSL connections. Will there be any problems using it on the microwave connection at one of the sites? The microwave connection is a reliable connection to the internet and uses a standard Ethernet connection.
no, I use it for this as well for some Breezecom DS.11 units... I believe the port is just a 10 meg port.
4) Does the BEFVP41 only provide a NAT firewall or does it also provide an SPI firewall like the similar BEFSX41?
no, it is a very basic firewall, and some of the documentation says that you should even run something like zone alarm as well... (yuck)
if your getting hacked there is no screen, or output that will let you know of any attempted hacks or port scans or anything.
5) Is this model easy to setup with multiple VPN tunnels connecting the LAN’s together, and is it able to reliably re-establish any dropped connections without assistance.
I have 7 remote offices using BEFVP41's that connect into a Netscreen appliance, over a 802.11b wireless network... it works pretty well...
sometimes if you connect to the WAN interface for configuration the BEFVP41's lookup, and we have to physically power them off...
the DHCP in the units don't work well... I would invest higher on the head end, and lower on the client site... (just my option)
you can get some Netscreen devices, pretty reasonable with support... I would say that they are way above a Linksys, d-link, or kmart brand,
without getting into something like a Cisco pix.
Thanks in advance for any help!
Pete Jacob
Fisher-Titus Medical Center
|
Welcome to the Virus.Org Mailing List Archive 
