It’s been well long enough since I have had a chance to work on the RRAS server I implemented a few months ago. Finally, with enough complaints, management wants me to do something about it. I know very little about other software-based routing applications; can anyone suggest some to me so I can do some research? I need to be able to do some port forwarding and other small odds and ends with it.
What is the purpose? Remote access/VPN and simple NAT’ing? I’m unsure as to why you’re looking solely for software solutions… these days any lower-cost firewall has most of those abilities. I’ve worked with Junipers and Ciscos (their lowest end being Linksys’s)… depends on what you want and need…
How much are you spending?
How many users are you talking about?
Are you dealing with phone lines?
Anything more so than VPN access and internal forwarding?
Are you integrating with anything?
Main purpose is for VPN and Remote Access. I’m not too familiar with hardware firewalls. Money is not so much an option, anything under 2,500 dollars. Users are limited to 15, no phone lines are being used. Thoughts?
We use Cisco PIX firewall’s VPN functionality to provide remote access. Seems to work great. Cisco makes a nice desktop client application that you can deploy to your staff’s laptops that integrates nicely with the PIX-based VPN as well. We have our PIX configured to forward all authentication requests to one of our domain controllers running IAS (a Microsoft RADIUS implementation if you’re not familiar) so we’re still using Active Directory authentication for all attempted VPN connections.
We have roughly ~400 users who connect to our network on a regular basis using this setup and it works like a champ.
Do the PIXes have a web interface, or are they solely IOS configured? That would be my only worry, as the IOS isn’t completely intuitive, especially if you have never seen it. Other than the config, they are solid boxes.
Can you configure a Linux distro for VPN and remote access? Like, are you just doing port forwarding and NAT? If so, that might be one of the easier and cheaper solutions. Get a machine with 2 NICs and check out Smoothwall. http://www.smoothwall.org/
This may be totally what you don’t want to do though. I’m tired from dealing with this crap all day.
You can do up to 50 users on a PIX 506e and those can be had for about 900. Or you could use an ASA 5505, not sure off the top of my head but it’s easy 25-50 users. If you think you are going to grow over 50 users then you would have to jump to a PIX 515e. I think the ultimate solution would be deploying a Juniper SSL VPN. All of those pieces can be integrated with AD or LDAP.
Do the PIXes have a web interface, or are they solely IOS configured? That would be my only worry, as the IOS isn’t completely intuitive, especially if you have never seen it. Other than the config, they are solid boxes.
Yep, nice web GUI…don’t know that I’ve ever used it though. Seems everyone uses the CLI.
I think the ultimate solution would be deploying a Juniper SSL VPN.
This is a solution that seems to be growing in popularity. I’m not familiar with it…but it’s hot right now for sure. From what I’ve read it’s very easy to deploy and manage.
It’s growing in popularity because it’s easy. Think of it as VPN but without the client. The end user just needs their web browser to create a connection. No more troubleshooting the VPN client or dealing with the users uninstalling the software. We are evaluating the Juniper product right now and are really impressed.
The office bought a SonicWall TZ170 SP. The main interest in this router is for its dual WAN capabilities. We will be able to use two DSL lines as one, per se. I have a question about just using the router for security, port forwarding, and VPN. Can I use my existing DHCP server and disable the DHCP feature on the router without issues and just forward the gateway of the node computers to the router?
You don’t want to know where the office is located at. You and I both know you can find out. Dual DSL lines are better than nothing. We looked into T1 and bonded T1, but they did not want to fork out that much a month. ADSL2 was nonexistent there too. I’m sure everything will work out fine.
I really dislike SonicWall products, but it’s better than a SnapGear, which one of my clients has. Cisco is the way to go for routers/firewalls. The old PIXes were easy to set up and worked really well.
FiOS will not be here for another 4+ years. The SonicWall seems to be doing a good job so far. We have it for a ninety-day test period. I’m going to borrow an older Cisco unit from a buddy and test that out to see which one I like more.