NETOPIA 4622-XL for VPN. Any reviews please? Also alternate VPN Router Suggestion. IPSEC or PPTP?

rudy23

Junior Member
Feb 3, 2004
I am implementing a VPN solution for our small branch office in NYC. I came across this router, the NETOPIA 4622-XL. We need about 5-10 simultaneous VPN tunnels into the router. The product specs look very good and it seems to be perfect for our requirements. However, I haven't been able to find even a single review for this product. Has anybody used this? The total cost is around $900. I am wondering whether to get this or the CISCO 1721 with VPN Bundle for 2k. I just read somewhere on these forums that IPSEC is a better option over PPTP. The Netopia seems to use PPTP.

Does anybody have a suggestion for a good, robust VPN router? I have 20 workstations (Win2k Prof) and 10 servers (Win2k Server) in my network. We have a 750 KBPS fractional T1 line with static IP addresses. People from remote locations should be able to connect using a software client to the network. I have a budget of about $2000 for the router itself.


Any help or suggestions greatly appreciated.

Thanks
 

cmetz

Platinum Member
Nov 13, 2001
rudy23, Cisco PIX 501. Runs about $500 on CDW. The standard bundle comes with 10 concurrent tunnels these days. Cisco's VPN client software is "free" to install on remote PCs, you just need to have enough concurrent user licenses on the PIX (or other Cisco device) to handle the simultaneous connections.

The Cisco VPN software client is pretty good IMO. The most important thing: three pieces of data entered on the client side, the rest is policy pushed out by the PIX. Other IPsec clients can require more client-side configuration and that's a huge management headache.
 

rudy23

If I get the PIX, will I also need a router for connecting to the T1 line? Also, the licenses seem to be for each computer on the network plus remote users, so it might turn out to be a bit more expensive than it seems. But if configuration is easy and the connection is reliable, it should do the job. I am just hoping to get a router with a VPN server.

Thanks for the Reply.
 

mboy

Diamond Member
Jul 29, 2001
I vote for the Snapgear 5SME 575 for about $900, I believe.
www.snapgear.com
They have a demo of their GUI interface.

You will need a DSU for your T1. I have a Snapgear 550 at home which I love.
Lifetime free firmware updates, no user licenses and no VPN licenses. ALL types of VPN (3DES, 256AES), etc. Full CLI interface, SSH, SSL, dial up admin/user/or failover.
VERY nice units for the $$$$.

@ work I have a Netopia 5300 with a T1 module (built in DSU). I like it for the most part. That will also do VPN off of it (PPTP and IPsec), however I have a SonicWall (which I DO NOT LIKE) Pro 200 behind it handling my VPN endpoint.

*** you could also go with the 550 that I use ($380 or so delivered). It will do ALL you want, but does not have a DMZ interface, just WAN & LAN. Supports up to 500 VPN tunnels (8mb or so 3DES thruput). Hardware crypto XLRated.
 

rudy23

Originally posted by: mboy

*** you could also go with the 550 that I use ($380 or so delivered). It will do ALL you want, but does not have a DMZ interface, just WAN & LAN. Supports up to 500 VPN tunnels (8mb or so 3DES thruput). Hardware crypto XLRated.

Thanks for the info. What company is this 550 that you are talking about?

The SME 575 looks very good but it has only one LAN port. Can I plug the T1 line directly into it or will I have to buy a separate DSU interface? I already have a Netopia router from my service provider with 8 ports on it, and I get lines out of that router as I need them, assigning them static IP addresses.
 

mboy

Originally posted by: rudy23
Originally posted by: mboy

*** you could also go with the 550 that I use ($380 or so delivered). It will do ALL you want, but does not have a DMZ interface, just WAN & LAN. Supports up to 500 VPN tunnels (8mb or so 3DES thruput). Hardware crypto XLRated.

Thanks for the info. What company is this 550 that you are talking about?

The SME 575 looks very good but it has only one LAN port. Can I plug the T1 line directly into it or will I have to buy a separate DSU interface? I already have a Netopia router from my service provider with 8 ports on it, and I get lines out of that router as I need them, assigning them static IP addresses.

The T1 is coming into your router then, so you will need to connect the WAN port of the firewall to a LAN out on the router. You will also need a switch (cheap nowadays) to plug into the LAN port of the firewall and plug your remaining PCs into the switch.
The 550 is also made by Snapgear. It is the lower end of their higher level product line and should suit you fine.
You should run NAT off of the firewall for the IPs on your LAN.
That's it, no DSU if going from router to firewall, as the DSU goes between the T1 line and the router (or the router has it built in).

Who is your ISP btw? I am in NJ.

 

rudy23

Who is your ISP btw? I am in NJ.

We have two ISPs right now, Eureka and Cogent. By firewall you were referring to my router, right, and not the router provided by my ISP?

The reason I want a router with a switch built into it is that if I connect a system to the network behind a switch, I cannot connect to a client's VPN server using the Nortel Contivity client. It keeps giving a timeout error. So the system should be connected either directly into my router or directly into the ISP router. Hence I'm looking for a router with a built-in 4 port switch. Is there any alternative to this?

Also, any good links giving info about NAT?

Thanks
 

mboy

Not trying to be a bad guy Rudy, but why are you the one implementing this VPN? I would really reco hiring someone who knows what they are doing. No offense, but if you don't know what NAT is, think a switch is stopping your VPN client from connecting, then you have no business doing this for a business environment.
 

rudy23

Originally posted by: mboy
Not trying to be a bad guy Rudy, but why are you the one implementing this VPN? I would really reco hiring someone who knows what they are doing. No offense, but if you don't know what NAT is, think a switch is stopping your VPN client from connecting, then you have no business doing this for a business environment.

See, I ain't no networking guru. But I can handle the configuration if someone can walk me through it. Like Cisco's TAC team did. I will do it on a test environment first before moving it onto the main system. Also, paying people to configure a VPN is mad expensive. I am sure that once I get the hang of it I can handle it.