Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Cheap VPN for office use
New Posts  All Forums:Forum Nav:

Cheap VPN for office use - Page 2

post #11 of 20
Thread Starter 
Quote:
Originally Posted by dushan24 View Post

Do it off the WatchGuard, IPSec is easy to configure, I think even the lowest FireWare licence allows 3 IPSec Tunnels

My Watchguard gives me options for Mobile IPSeC and Mobile SSL.

I've i'm not mistaken, IPSeC will allow the most users, however, # of users isn't an issue, security/performance are the highest priorities. SSL have any caveats that I should know about?
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
post #12 of 20
Quote:
Originally Posted by lacrossewacker View Post

My Watchguard gives me options for Mobile IPSeC and Mobile SSL.

I've i'm not mistaken, IPSeC will allow the most users, however, # of users isn't an issue, security/performance are the highest priorities. SSL have any caveats that I should know about?

Harder to setup I guess...

On WatchGuards, the SSL VPN is more for use as a browser based VPN.

Where as IPSec is for actually connecting to and using resources on the remote network, as well as tunneling all your traffic (assuming you set the flag to force all traffic through the tunnel).

IPSec is the way to go IMO, just an FYI too. If you are running any web servers on the NAT of the source LAN and want to access the sites via the IPSec client, there is a bug, WatchGuard confirmed it to me. I'll tell you if you want how to fix it.
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #13 of 20
Thread Starter 
Quote:
Originally Posted by dushan24 View Post

Harder to setup I guess...

On WatchGuards, the SSL VPN is more for use as a browser based VPN.

Where as IPSec is for actually connecting to and using resources on the remote network, as well as tunneling all your traffic (assuming you set the flag to force all traffic through the tunnel).

IPSec is the way to go IMO, just an FYI too. If you are running any web servers on the NAT of the source LAN and want to access the sites via the IPSec client, there is a bug, WatchGuard confirmed it to me. I'll tell you if you want how to fix it.

Well, it turns out that we'll be bringing on a new employee who'll be 100% telecommuting. (not even in the same state). The data that she is going to need to access is actually offsite as well, held by a third party, and the only way to access it is through our own IP. They're not going to open any extra IP's outside of our own location due to policies and just a pain on their end. So she'll need to remote onto our end so she can then pass along through to the third party location where the data resides. Do you still recommend IPSec or is SSL the way to go? IPSec looks easier to setup, I just had chosen SSL over it to avoid any NAT confusion on our end or her end. What do you think?
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
post #14 of 20
Our company also has/had a Watchguard firewall and I used thier VPN for a while. It was not great. Our current solution is a Cisco ASA 5505. It is a cost effective solution for a small number of VPN clients. The Cisco AnyConnect software (SSL) works great and is easy to configure and use. We are much happier with it than the watchguard solution.
Main Rig
(15 items)
 
  
Reply
Main Rig
(15 items)
 
  
Reply
post #15 of 20
Thread Starter 
Quote:
Originally Posted by BFRD View Post

Our company also has/had a Watchguard firewall and I used thier VPN for a while. It was not great. Our current solution is a Cisco ASA 5505. It is a cost effective solution for a small number of VPN clients. The Cisco AnyConnect software (SSL) works great and is easy to configure and use. We are much happier with it than the watchguard solution.

what was wrong with watchguard? Performance? Dropping connections? Complexity?

it's gonna be hard persuading anybody from upgrading from a 2,000 dollar firewall, to a 25,000 dollar unit
Edited by lacrossewacker - 2/22/13 at 6:02am
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
Main Rig
(13 items)
 
Secondary Rig
(12 items)
 
 
CPUMotherboardGraphicsGraphics
i7 3770k MSI Z77A-GD65 Gigabyte 780 OC Evga 670 FTW 
RAMHard DriveHard DriveOptical Drive
Ripjaw  Samsung F3  Samsung 830  Asus CD-Rom 
CoolingMonitorMonitorPower
Cooler master hyper 212+  Asus  27in 1440p Auria EQ276W 760 Watt Silencer 
Case
Haf 912 
CPUMotherboardGraphicsRAM
i7 3770k ASRock Z77 Pro4-M Gigabyte 780 OC Crucial Ballistix  
Hard DriveHard DriveOptical DriveOS
Samsung 830 series WD Black Asus 24x Windows 7 
MonitorMonitorPowerCase
Asus 24in  27in 1440p Auria CM 750 600T 
  hide details  
Reply
post #16 of 20
Quote:
Originally Posted by lacrossewacker View Post

what was wrong with watchguard? Performance? Dropping connections? Complexity?

it's gonna be hard persuading anybody from upgrading from a 2,000 dollar firewall, to a 25,000 dollar unit

Both are good firewalls / UTM's.

IPSec is typically utilized for site-site VPN's utilizing either IKEv1/isakmp or IKEv2 which utilize pre-shared keys. SSL VPN is usually the preferred for remote access into a network.

As for the ASA5505 with the security license will only cost about $1000 for the unit ~$100 for the SmartNet contract, and requires a separate contract for Content Filtering via IronPort filtering. Depending on the number of concurrent connections hitting your web servers may not be the best solution for you need and would recommend either the 5510. IPS for the 5500 series requires a module and separate SmartNet contract. The 5500x series if I understand it correctly has IPS built into the device so there is no additional cost for the IPS module. The 5512x will cost around $2500 then ~$250 for the SmartNet. I will say that Anyconnect allows for greater flexibility and will also allow for 2 factor authentication if that is a requirement.

Most of what people on OCN will recommend will be OpenSource based products which is fine for some situations, however when you are running a business that requires Near Real-time fault tolerance this is not the way to go as support, HA and recovery is not usually an option.

Regardless your company needs to get some Engineering/Architecture support that will gather all of your requirements and design / implement an over-all solution that will satisfy all of your requirements.

Feel free to PM me if you wish and we can discuss further... have to run to a meeting now.
The Raven
(17 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveHard DriveOptical Drive
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  Samsung F3 1TB None 
CoolingOSOSPower
Noctua NH-D14 Ubuntu 13.04 Windows 8 XFX 850W BE 
Case
SILVERSTONE RV02B-EW 
  hide details  
Reply
The Raven
(17 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveHard DriveOptical Drive
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  Samsung F3 1TB None 
CoolingOSOSPower
Noctua NH-D14 Ubuntu 13.04 Windows 8 XFX 850W BE 
Case
SILVERSTONE RV02B-EW 
  hide details  
Reply
post #17 of 20
We actually use both a 5505 and 5510, they have thier duties split between them. The 5505 only handles VPN connections for our key people (3 atm). The 5510 handles more traditional firewall roles. Neither one came close to $25,000. The watchguard vpn software was a bit flakey when installing and did not keep its connection well. It also could not effectively utilize our 100Mbit fiber connection. We moved the watchgaurd to a secondary data center where the data transfer is less important.
Main Rig
(15 items)
 
  
Reply
Main Rig
(15 items)
 
  
Reply
post #18 of 20
The WatchGuard IPSec client software is dodgy, they actually don't even support it anymore.

They recommend you use the free and open source ShrewSoft VPN client instead.

http://www.shrew.net/download

If you're unfamiliar, it's a great tool. Compatible with the WG policies and all...
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #19 of 20
Quote:
Originally Posted by lacrossewacker View Post

Good afternoon folks.

I'm looking for a good VPN/RD service that will allow me to log onto a computer back in the office and make some configuration changes from home.

Reason being.....we were closed this past Monday. Unfortunately the Shoretel server was acting up and didn't play our President's day message like we set it up to do the Friday before. Nobody could come into the office and change the Shoretel server manually.

In preparation for an issue like this in the future, we'd like to have some sort of VPN client installed on certain computers that would allow us to login from home and access our workstations/switches/etc...

We'd only need 2-3 people max with this ability. Which product do you all recommend?

Let's keep the price low as this is a service we'd use VERY rarely.

Our workstations comprise of windows 7 and 8, and we use a Watchguard Firewall.





Hi, this is Deeh from the Cisco small business group. Based on what you just posted, I initially recommend the RV 110W for your VPN needs. You can check the details on this link http://www.cisco.com/en/US/products/ps11762/index.html By the way when do you plan to deploy?
post #20 of 20
Quote:
Originally Posted by Deeh View Post

Hi, this is Deeh from the Cisco small business group. Based on what you just posted, I initially recommend the RV 110W for your VPN needs. You can check the details on this link http://www.cisco.com/en/US/products/ps11762/index.html By the way when do you plan to deploy?

Although this may be a viable solution this would require another device at the remote end for the IPSec functionality. The OP would be better suited with an ASA 5505 in order to utilize SSL VPN's. they could then set up the SSL VPN as either clientless or with AnyConnect.

IPSec is primarily setup for site-to-site VPN tunnels. http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/data_sheet_c78-660141_ps9923_Products_Data_Sheet.html
IP Security (IPsec) Site-to-Site Tunneling and Point-to-Point Tunneling Protocol (PPTP) VPN support, providing highly secure remote access connectivity for Windows and Mac OS computers

Also if you are indeed from Cisco and are able to act as a rep for them on this site you should speak with a mod about getting put on the Vendor list or something.
Edited by bratas - 2/27/13 at 12:39pm
The Raven
(17 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveHard DriveOptical Drive
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  Samsung F3 1TB None 
CoolingOSOSPower
Noctua NH-D14 Ubuntu 13.04 Windows 8 XFX 850W BE 
Case
SILVERSTONE RV02B-EW 
  hide details  
Reply
The Raven
(17 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveHard DriveOptical Drive
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  Samsung F3 1TB None 
CoolingOSOSPower
Noctua NH-D14 Ubuntu 13.04 Windows 8 XFX 850W BE 
Case
SILVERSTONE RV02B-EW 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Cheap VPN for office use