Connect three sites via DSL

Hi,

Currently we have two sites which are connected to each other via an eIcon 1100 safepipe - however these are increasingly hard to get (in fact if you can't get one now).

I wondered if anyone could offer an alternative to this - it needs to be hardware wise and seamless. The price is also another option especially if we are replacing the two existing boxes.

Any ideas?

Cheers!
 
Agreed.

That's exactly how the safepipes connect: they VPN in to each other.

I know a few Cisco devices do that but then you're going into the realms of spending a lot of cash.

Any other solutions though - I don't mind putting a device in each site as long as it does the job.
 
We (the company I work for) use ZyXel kit. You're probably looking at a ZyWall 35 or 75 for your needs.

We have a ZyWall 35 happily serving 20 vpns for a remote user company. It's sat on a 2mb SDSL line and just works.
 
m4cc45 said:
Excellent I'll have a look at it... :)

Hmm, looking at the price of the ZyWall 35 £320+ and £610+ for a 70. You are well into Cisco PIX 501 (unlimited licence*) money (£399); the drawback with the PIX 501 is the maximum number of VPN peers (tunnels) is 10. A PIX 506e (£560) would give you the option of 25 VPN peers. If you're only ever going to connect 3 sites and don't need a great number of remote VPN users this is somewhat of a non-issue though.

To do it with Cisco kit you're looking at around £1200 (3 x PIX 501). Depending on the number of machines at each site you may get away with a restricted licence; a PIX 501 with a 50 user licence comes in at £340.

Set-up will be a little tricky, but it is possible to get a secure firewall set-up with a number of site to site VPN connections all using the PDM web interface on the PIX. Not the ideal way to do it, it really should be done from the command line. But at least PDM does produce relatively clean working configs, that can easily be tuned by hand if need be, unlike the web front end that comes with Cisco's routers :(

If you're on a budget I'd be looking at something like Draytek's range of VPN capable DSL routers. Note, I've never used these so do some research first!

For obvious reasons I can't say where I'm getting the price quotes for the equipment from (Google is your friend), but all prices quoted are inclusive of VAT, and are from large well respected retailers of such kit.


* Cisco's PIX range have a number of licensed features, encryption support and number of inside hosts (being the ones that interest us here).
In the case of what I've quoted here all are for the 3DES/AES (used in VPN encryption schemes) licensed versions. With the unlimited version supporting an unlimited number of hosts on the LAN and the 501-50 supporting a maximum of 50 hosts (IP addresses) on the LAN.
 
depends, even the cheap zyxel routers have vpn capability, so 2 offices could connect to a remote office and route traffic through that to communicate with each other, however that's complex enough I wouldn't want to try it with zyxel kit.

best bet in terms of firewalls is a netscreen 5GT at each site, they're superb and pretty easy to work with, PIX is best avoided unless you know exactly how to use it already.

if you put a PIX in one office centrally though, you could always use cheaper routers with the security (crypto) IOS at remote sites. lots of options really
 
If you're after cheaper zyxel kit I've used the P2606-HW unit which is rather good.

Got a few clients with 5 VPNs using those routers without a problem.
 
Just a bit more information (and thanks for the current feedback I do like the pix's and have used them a little) the two sites have 15 users...

The third site which is not yet open is going to have another 5 clients so that would take the users up to around 20 (including three servers)...

I really need to investigate the eicons - as a compatible product with them would keep the charge down further...
 
Fair enough, if you've used them already it makes it a bit easier, though I'd say although the PIX boxes are good they aren't as capable as the netscreens
 
Looking into the Netscreens now they look decent enough. Just trying to find a nice model that offers a little upgradability and is cheap - lol
 
From the information you've given you could probably get away with 3 501-50's, but with only £50 between the 501-50 and the 501-UL, I'd put 501-UL's at all three sites, as customers always seem to underestimate the number of hosts on the LAN.

The Netscreen 5GT/5GT Plus comes in at around the same price as a PIX 501-50 / 501-UL and doesn't really seem to offer anything that the PIX 501 doesn't in this price range. In my opinion of course ;)

What does look interesting is the 5 GT/GT Plus ADSL device which as the name suggests integrates an ADSL modem into the chassis. Not cheap at £6-700 but would give you an all in one solution.
I'm assuming these devices are to go on the end of xDSL connections?

If you can afford to hang on for a couple more weeks I'd be looking at the Cisco ASA 5505 due for launch soon. With them you'll get the PIX OS 7.2, and the chance to upgrade the licence for up to 25 VPN peers without having to buy new hardware.
 