Recommended small business VPN solution

tbz_ck · 28 May 2008 at 13:24

Hi,

I've been asked by a small business to set up for them a simple VPN solution so the two members of staff can access their network shares and exchange email from home.

I'm used to Cisco PIX or ASA devices that are more suited to larger business and think this would be total overkill for them

So can any of you recommend an ADSL Wireless Router with VPN termination capability that is simple to set-up and teach to them (so that they can maintain it themselves if necessary). Max clients, probably 3 including me!

Thanks

CK

m4cc45 · 28 May 2008 at 13:47

Depends to what level. If they want something reliable then as you mentioned an entry level ASA 5505 or something along those lines would be good - about 150-200 each.

Router wise stick with the bigger names such as Linksys / Netgear. They're all pretty similar and do an adequate job though I wouldn't want to rely on one.

M.

s0ck · 28 May 2008 at 15:01

Linksys RV042 is pretty good. IPSEC site to site and I assume it does road warrior clients too but never used that feature.

oddjob62 · 28 May 2008 at 15:18

Only "cheaper" solution i've ever used are Vigor routers.

svbooga · 28 May 2008 at 15:32

The vigor ones are pretty good with easy to set up PPTP VPN profiles for remote workers, then just use the built in windows PPTP client (not sure about mac). You can download a VPN client from the draytek website to do L2TP with IPSEC VPNs, but never used it.

mrbios · 28 May 2008 at 16:36

s0ck said:
Linksys RV042 is pretty good. IPSEC site to site and I assume it does road warrior clients too but never used that feature.

seems strange to recommend something by linksys but im going to second this one ^

was setting up an RV042 earlier this afternoon, quite simple to setup, basic, and does the job

Shaz]sigh[ · 28 May 2008 at 17:35

Cisco 800 series?

Depends on your budget really

dave-lew99 · 28 May 2008 at 19:51

If you want somthing just for their laptops to use, maybe give OpenVPN a go - has a nice windows GUI client too, where i work use it without problems - links stay up for months without fail.

I also use it personally too and can't fault it

Plus, it's free.

Jimathy · 29 May 2008 at 22:30

Been using Drayteks for a while now and always found them to be reliable. The 2800's will do Site to Site and individual users. Just stay away from the wireless versions.

zetec452 · 30 May 2008 at 07:52

If you are using Windows 2003 Server then RAS can be decent if setup correctly.

Personally I'd go for a hardware based VPN. Sonicwall TZ170 with some VPN nodes would do the trick without breaking the bank.

Hodders · 30 May 2008 at 10:05

If you have an exchange server you could use OWA. Exchange is a pain as it doesn't use consistent ports so you can't really 'port forward' to an exchange server. You could providing the end users have static IP addresses simply port forward *their addresses only* 136-138 to the fileserver.

Whilst not very secure it would allow your two users to access email and files with no equipment costs.

We have used Netgear DGFV338 to do site to site IPSec VPNs and they are great, simple to set up and reliable. They have both ethernet and adsl wan ports so can use both cable and adsl broadband and cost about £120 each.

Or look up poptop and put it on a cheap linux box and use it as a pptp vpn server.

oddjob62 · 30 May 2008 at 10:52

Hodders said:
If you have an exchange server you could use OWA. Exchange is a pain as it doesn't use consistent ports so you can't really 'port forward' to an exchange server.

If you use RPC over HTTP you just have to forward port 443. Works beautifully.

jamoor · 31 May 2008 at 23:00

We use sonicwall, excellent for just basic file accessing.

Silent Bob · 1 Jun 2008 at 18:59

At work we've got a debian linux machine with pptp installed, then use the built-in windows vpn client to connect. Been using it for the last few years without issues.

volkan · 1 Jun 2008 at 20:19

I use OpenVPN to access RDC and SSH, works great!

m_cozzy · 1 Jun 2008 at 22:03

another vote for an asa5505
Or for a super tight budget an 8** series with 2 ethernet ports rather than the 1 ethernet, 1 adsl. With the correct ios this will be more flexible than the license restricted 5505.

As for drayteks I wouldn't use them at home use let alone business. Found them terribly unreliable especially when ipsec was involved.
Again with a thrown together linux solution, I have used them in the past but for a fit & forget solution its a cisco device every time.

tbz_ck · 2 Jun 2008 at 10:02

I'll see what they are prepared to budget for hardware and then take a look at your suggestions. Thanks for your suggestions folks

bigredshark · 2 Jun 2008 at 10:52

I'd say Juniper SSG5 or Cisco 1800 but that's just what we use so other hardware would do it obviously. Most support friendly option is a Cisco, everyone can configure one so no trouble getting help if they need it and the VPN client is very good.

TrX · 2 Jun 2008 at 17:58

dave-lew99 said:
If you want somthing just for their laptops to use, maybe give OpenVPN a go - has a nice windows GUI client too, where i work use it without problems - links stay up for months without fail.

I also use it personally too and can't fault it

Plus, it's free.

If you are looking for a small office solution without dedicated VPN equipment I would second this.
It may also be worth looking into the community edition of SSLExplorer, which offers web based SSL tunnels with multiple users (and the joys of the user needing nothing installed but a web browser).

If you do want to splash out on a more dedicated hardware solution at the office end, then there have already been multiple good suggestions, however it does not really sound like you are needing this much horsepower. (Two members of staff... SSLExplorer will do 200 nicley on a decent box)

//TrX