Go Back   Technibble Forums > General Computers > Tech-to-Tech Computer Help

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 05-07-2012, 05:43 PM
CNS's Avatar
CNS CNS is offline
 
Join Date: Jul 2011
Location: Tracy, CA
Posts: 81
CNS is an unknown quantity at this point
Default VPN- Netgear vs. Linksys

I wanted to get an opinion on VPN router preference. I am setting up a small business with 25 users and I would need to setup 4 VPN tunnels, possibly more.Currently, they are all setup on Netgear devices and I prefer working with Cisco/Linksys. Has anyone worked with Netgear VPN routers, any recommendations,or devices.
I personally am looking at JGS524E.
__________________
CNS
Computer Network Solutions
Reply With Quote
  #2  
Old 05-07-2012, 05:53 PM
14049752 14049752 is offline
 
Join Date: Mar 2008
Posts: 3,311
14049752 has a spectacular aura about14049752 has a spectacular aura about
Default

You're looking at a switch for VPN set up?

Personally, I prefer a good DD-WRT based router. I've never been fond of the Netgear or Linksys routers I've set up, because they require a license and their own VPN software. Maybe I just set up the wrong ones, though.

I like DD-WRT because you can do PPTP vpn if you don't care too much about security, or you can do OpenVPN with decent encryption and authentication. It's also pretty good at site-to-site VPN setups, too.
Reply With Quote
  #3  
Old 05-07-2012, 05:59 PM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

I deal with cisco pretty much all the time so thats what I prefer. Depending on the type of VPN would determine what device I go with. For L2L and remote access vpn's I prefer the ASA's but they can be setup with the IOS routers as well. I prefer the ASA as not only is it a good Vpn termination device but a excellent statefull firewall/ALG for your network edge. How many sites are we dealing with? Do these sites need to connect to each other. If so a DMVPN may be the way to go. DMVPN is only supported on routers with the appropriate feature set. As with anything cisco you need to check the licensing requirements and vpn throughput for each device. Both the IOS routers and ASA's support SSL Vpn as well with the appropriate IOS and licensing. The anyconnect client is a great alternative for users that are comfortable with a vpn client (like the cisco ipsec vpn client) but using an SSL vpn.
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net


Last edited by teksquad; 05-07-2012 at 06:02 PM.
Reply With Quote
  #4  
Old 05-07-2012, 09:46 PM
krtechsolutions's Avatar
krtechsolutions krtechsolutions is online now
 
Join Date: Oct 2010
Posts: 516
krtechsolutions is on a distinguished road
Default

Cyberoam or sonicwall

Or maybe untangle
Reply With Quote
  #5  
Old 05-08-2012, 05:29 AM
Aescaepulus Aescaepulus is offline
 
Join Date: Nov 2011
Location: Medford, OR
Posts: 45
Aescaepulus is an unknown quantity at this point
Default

ASA 5500 series. I usually purchase a second license on an ASA 5505 to run VLAN as well. Kinda pricey for licenses, but I like the ASA's due to their flexibility and strong edge security applications.
Reply With Quote
  #6  
Old 05-08-2012, 10:29 AM
YeOldeStonecat's Avatar
YeOldeStonecat YeOldeStonecat is offline
 
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,641
YeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to beholdYeOldeStonecat is a splendid one to behold
Default

Are you looking for "site to site" VPN tunnels to make a WAN?
Or are you looking for road warrior VPN to allow remote users to connect?

Site to site...doesn't matter, IPSec or OpenVPN.
I see you mentioned PPTP VPN...so I'll guess you mean for road warriors. Go with SSL VPN. MUCH easier for you to support. Browser based....no clunky thick VPN client to have to fix every now and then. SSL VPN is soooo dang easy and reliable for the end user.

I've worked with many different netgear and Stinksys/Cisco units...I tend to not be overly fond of Netgear units because of years of slower prosafe models...but they do have a good little SSL unit. As does Cisco (formerly Stinksys).

For a couple of remote connections...using an all in one built into the router is OK. But if they plan on growing and have more than several at once connect....going with a dedicated VPN appliance is the smart approach...have it sit behind the router.

My favorite SSL VPN appliance is a Juniper SA model....expensive, but rock solid and brutally fast.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat
Reply With Quote
  #7  
Old 05-08-2012, 02:14 PM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

As long as the ASA you get has the specs you need and supports the the required vpn connections, total connections and offers the appropriate throughput then you don't really need a dedicated vpn device. Cisco use to have the vpn concentrators that where a vpn only termination point but they have been end of life for some time now as the current ASA's can work just fine as a statefull firewall, ALG and vpn termination point. Whether you want to put the ASA on the edge of your network thats another thing. I usually put a router upstream that is directly connected to the service provider and the ASA behind that. This will allow for some pre-filtering at the edge and may be required depending on how the service provider hands off the circuit to you.This may not be an option though for all business's.

Another benefit of the ASA is the ability to have multiple contexts or virtual firewalls (similar to VRF's in the router IOS). Very handy if you doing any kind of shared hosting or need separate firewall polices for certain organizations. You do however loose some functionality with multiple context mode. No Vpn, dynamic routing being the big two.

If your remote offices need direct connectivity to each other then DMVPN is the way to go (Dynamic Multipoint VPN) This is only supported on IOS routers though. Basically on the head end device its a multipoint GRE tunnel with IPSEC protection. Uses NHRP to dynamically register the remote sites so your remotes can have dynamic ip's.
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net


Last edited by teksquad; 05-08-2012 at 02:24 PM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:10 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.