Slashdot Mirror

← Back to Stories (view on slashdot.org)

VPN Solutions for Small/Medium Businesses?

Posted by ryuzaki0 on from the a-network-in-a-network dept.

artbeall asks: "I work for a small company and we are looking at various commercial VPN solutions, however many seem to be too expensive for us. I am interested in what solutions other small/medium size companies are using for their VPN. Of course, we want a SECURE system that is compatible with common network gear like Cisco as well as being able to run the VPN client on Linux, Solaris, and Windows. Does anyone have suggestions or ideas?"

6 of 126 comments (clear)

  1. Re:Cisco VPN 3000 by _RiZ_ · · Score: 2, Interesting

    Finally someone with some good advice. I would forget about anything which is considered consumer products. We use a whole host of Cisco 3000 series VPN devices for all sizes of small and large branch offices. We use from the 3002 to the 3030. I have to say, they are ultra reliable, very secure, very well supported by Cisco and the associated community of Cisco users, and has clients for major OS's. Its a win win situation if you ask me. You do have to shell out a little more than the guy who was recommending you commit fraud by buying a lame Linksys device and a flat screen for yourself, but in the end you will get a rock solid, well supported, and very configurable device.

  2. Astaro by dracocat · · Score: 2, Interesting

    I have definately become a fan of Astaro. It is not free, but in my opinion very reasonable, and worth the cost in time savings. It works with the built-in windows client, and the thing pretty much installs and sets itself up. They have a free 30-day full featured demo, and the entire thing is free for "home use".

    Did I mention I have become a huge fan? or was it already obvious?

  3. Re:OpenVPN rawks the Casbah by bryanc · · Score: 2, Interesting

    OpenVPN is great. We've tried the PPTP thing, but there is a tendancy for users to dink with settings that end up with unwanted traffic on our network (e.g. default route goes through the vpn).

    OpenVPN puts all of this in a config file even on windows. Distribute the config and installation package and you're done. Need more security? Distribute the key files as well.

  4. Re:Cisco VPN 3000 by Fhqwhgadss · · Score: 2, Interesting
    I would have to respectfully disagree. I run a VPN3030 installation and it has provided numerous headaches when coupled with the Cisco VPN Client for both Windows and OSX. The clients frequently got disconnected from the concentrator until we disabled IKE keepalives and changed the rekeying interval to 8 hours. The WEBVPN feature absolutely sucks, having caused several crashes and rendering several web pages badly. The client for OSX on Intel fails miserably; we're pushing out Cisco's new client for that, but I'm skeptical.

    Worst of all, Cisco's TAC is horrid for this product. One support engineer actually told us to disable the firewall on SP2 in order to allow the client to connect, rather than opening the specific ports that are necessary for the connection (hello, we're trying to secure our internal applications, not expose them to any shmuck who decides to 'own' an unprotected XP machine). Another referred to our Heimdal kerberos server as "third party" since he had never heard of a kerberos server outside of Active Directory.

    The only case where we haven't had problems is for the few users that we have set up PIX boxes for at their homes. Not exactly an ideal setup for mobile users.

    Cisco has assured us that the ASA does not suck as bad. We'll see when the evaluation unit gets in.

    --
    How does a 7-person democracy cut a pie? Into 4 pieces.
  5. snapgears! by alta · · Score: 3, Interesting

    Cyberguard bought snapgear, but they still sell the same products. These are great little boxes that we used to set up a 7 office network across the state of alabama across whatever networks were cheapest (cable, dsl, T1)

    We had 530s in each of the hub offices and a 575 in the main office. (Still have the 575, have since closed all the branches) I still have the 530s and I refuse to sell them because they are such nice little boxes. I'm going to take one home and make it vpn back to here.

    --
    Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
  6. Citrix Access Gateway by PFactor · · Score: 2, Interesting

    Citrix bought a company called Net6 a couple of years ago. Net6 made an SSL VPN "appliance", which runs a hardened Linux OS. Citrix rebranding it as the "Citrix Access Gateway", or CAG.

    The 1st iteration was not so good because they rushed the rebranding and integration stuff. The 2nd and 3rd iterations were OK.

    The latest revision is quite good. It supports around 2000 concurrent users, has easy to use yet powerful access controls and integrates nicely with Citrix's Presentation Server 4 product.

    The cost is pretty good: the box is $2500 and licenses retail for around $100/concurrent user. If you have 100 users and your highest expected concurrent remote access count is 25, your cost would be $2500 + 25 x 100 = $5,000. If you buy 2 boxes (they have a built-in failover mechanism for redundancy), the cost would be $7500.

    I work for a major healthcare provider and we're replacing Cisco VPN concentrators with the CAG. We bought 4 CAGs and are using Citrix's Advanced Access Control (AAC) product to integrate the CAGs with our internal portals (AAC makes the cost go up pretty high, though). We have around 40,000 users and our max concurrent remote users is currently around 4,000.

    Check it out: http://www.citrix.com/English/ps2/products/product .asp?contentID=15005

    And no, I'm not the CEO of Citrix in disguise. I just believe in their products; we've saved a ton of $$$ using them!

    --
    Don't believe anything I say. I crash test crack pipes for a living.