Set Up Tips For A Virtual Private Network by primusboy


Many businesses considering a Virtual Private Network (VPN) to cover
their internet and database applications share the same set-up concerns.
You want to know the most efficient and cost-effective approach to get
"from here to there". You'll also want to evaluate whether to go with a
site-to-site connection or user connection approach. You'll want
some idea of the best options for appropriate hardware.
To help this learning opportunity along, let's set up a realistic
practical example....and then address each of the concerns around this
Here goes:
You have 10 satellite offices spread some distance apart .... each with
multiple users .... that you want to connect to a central headquarters
For this scenario here are my suggestions to address the most common set-up
First.....a Site-to-site connection is best; by having two VPN endpoint
routers talk to each other, you can have all the computers behind each
router connect as opposed to paying (say) $35 or more for each computer
to have a client loaded. Depending upon what router you buy, some come
with PPTP and IPSEC VPN clients already installed, so you're
all set.
Next, the type of network connection you are going to be using, such as
Cable, xDSL, T1, or DS3, is a critical element. Depending on the size
of your usage base (number of users and load each places on your network)
you should consider a T1 line as your backbone. You can always scale up
as the need arises (to a bonded T1 or DS3) or scale down if warranted
(fractional T1). This level of dedicated bandwidth circuit also affords
more reliability, stability, and scalability ..... not to mention a QoS
(Quality of Service) and SLA (Service Level Agreement) from providers who
offer these levels of circuits. That makes business sense.
Remember to gauge your budget for hardware, and also determine if there
is an expectation for having any folks traveling who'll need remote
access. The former I'll address next. The latter bears on your circuit
size decision discussed above.
For the guts of the network your common choices run the gamut of Linksys,
SMC and Netgear; Zywall is another option; and so is OpenVPN, which is
script based. The deciding factor will always be "cost" and "ease of
configuration." Then again, if you're one who doesn't mind a little work
(and you shouldn't if you're in the network game) a little overtime is
necessary and worth it with some solutions.
Alright, for hardware here are some ideas......
From the Linksys SOHO/SMB turnkey solution department, I submit the
following hardware devices. Many IT managers use for a source
because they have good prices (in my opinion).
1) WRV54G - "Severely" underrated. Supports 50 IPSEC VPN tunnels and 5
onboard QuickVPN IPSEC VPN clients; you can upgrade clients from 5 to 50
(yes, it's real VPN). Does not support NAT-T/GRE, so you cannot configure
a Microsoft VPN server connection with this unit.
2) WRT54GL routers using DD-WRT 24B VPN edition Firmware. It supports
both client and server Open VPN. This is very secure and stable. Far less
expensive, keeping with the hardware VPN direction, than anything I have
3) RV016/042/082 - All support a minimum of 5 IPSEC VPN tunnels (or
higher), minimum of 5 QuickVPN clients (with upgrade option same as
WRV54G). Units support NAT-T/GRE, have an onboard PPTP server with 5 clients,
and allow you to configure a Microsoft VPN server behind them for
additional PPTP/L2TP clients (128 in total).
4) WRVS4400N - Supports 5 IPSEC VPN tunnels, 5 QuickVPN clients (no
upgrade option as of yet), and supports NAT-T/GRE. Additionally, you have
port based VLAN available, IDS/IPS services, to include email alert,
user-definable access control lists, definable services, supports
IPV4/IPV6 for LAN connections, WMM for improved QoS and video/audio. Yes,
I'm showing favoritism on this one. I've friends currently testing this
and it's looking like the Linksys products of old.
Just visit the website and peruse the Router/VPN Solutions
area for business series routers.
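
A quick sanity check of the scenario above (HQ plus 10 satellite offices, one site-to-site tunnel per office) against the IPSEC tunnel counts quoted in the hardware list. This is an added example, not part of the original article; the office names and LAN ranges are constructed, and the non-overlap check reflects the fact that site-to-site endpoint routers forward traffic by destination subnet.

```python
import ipaddress
from itertools import combinations

# IPSEC tunnel counts as stated in the article's hardware list.
TUNNEL_LIMIT = {"WRV54G": 50, "WRVS4400N": 5}

def check_plan(hub_model, hub_lan, spokes):
    """Return a list of problems in a hub-and-spoke site-to-site plan.

    spokes maps an office name to its LAN in CIDR form. Each office needs
    one tunnel to the hub, and every LAN must be distinct so the endpoint
    routers can tell which tunnel a destination address belongs to.
    """
    problems = []
    limit = TUNNEL_LIMIT[hub_model]
    if len(spokes) > limit:
        problems.append(
            f"{hub_model} at HQ supports {limit} tunnels, plan needs {len(spokes)}")
    nets = {"HQ": ipaddress.ip_network(hub_lan)}
    for name, cidr in spokes.items():
        nets[name] = ipaddress.ip_network(cidr)
    # Compare every pair of sites, HQ included, for overlapping address space.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems

# Constructed plan: HQ plus 10 satellite offices, one /24 each.
HQ_LAN = "10.0.0.0/24"
OFFICES = {f"office{i:02d}": f"10.0.{i}.0/24" for i in range(1, 11)}

# Constructed bad plan: two offices left on the same LAN range.
BAD_OFFICES = dict(OFFICES, office03="192.168.1.0/24", office07="192.168.1.0/24")

if __name__ == "__main__":
    for model in TUNNEL_LIMIT:
        print(model, check_plan(model, HQ_LAN, OFFICES) or "ok")
    print(check_plan("WRV54G", HQ_LAN, BAD_OFFICES))
```
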
Lastly, the following software solutions are free:
1) Monowall - requires an old PC with two NICs (for starters); download
image to your computer, burn to a disk, go forth and conquer.
2) Smoothwall - same as Monowall
3) SSL Explorer - SSL solution for VPN
4) OpenVPN - script based VPN
Overall: I prefer hardware solutions so I'm inclined to go with a router
that has either an onboard PPTP server or the capability to support
NAT-T/GRE. Using hardware reduces the load on having a workstation/server
host your VPN, but that doesn't make software solutions any less
Well there you have it. Some practical tips on VPN set-up to help you
make a practical business sense decision on the common concerns you'll
face. The only thing left is to roll up your sleeves and "just do it".
Michael is the owner of FreedomFire Communications....including DS3- Michael also authors Broadband Nation where you're always
welcome to drop in and catch up on the latest BroadBand news, tips,
insights, and ramblings for the masses.
