
Windows VPN vs. Hardware VPN

ThePiston

Senior member
I was going to use Windows VPN to connect my home network to my work network (I'm the boss so I have control over all of it). I was going to just use Windows XP Pro VPN but a network pro friend of mine told me about hardware VPN using 3DES encryption. He made a good point that after you buy the hardware and set it up there would be no overhead on the clients.

Can anyone give me a good reason to buy 2 new routers that support 3DES VPN vs just using Windows VPN?
 
If the VPN is rarely used, it might be that there is no strong reason to get End Point Routers.

Otherwise, VPN is based on very strong encryption and certificate. It needs a lot of power to perform stable and fast.

Therefore, if you depend on VPN connection you would like to get Hardware end points.

Depending on what is the nature of the remote connection this is a free solution.

Ultr@VNC (Remote Control for your Network/Internet) - Installation, and Settings

Depending on the level of security needed, it can be used with encryption or SSH.

:sun:
 
Originally posted by: JackMDS
If the VPN is rarely used, it might be that there is no strong reason to get End Point Routers.

Otherwise, VPN is based on very strong encryption and certificate. It needs a lot of power to perform stable and fast.

Therefore, if you depend on VPN connection you would like to get Hardware end points.

Depending on what is the nature of the remote connection this is a free solution.

Ultr@VNC (Remote Control for your Network/Internet) - Installation, and Settings

Depending on the level of security needed, it can be used with encryption or SSH.

:sun:
Thanks, I will use the VPN probably daily for backups and general "goto" stuff I need on each network. Do you recommend UltraVNC over RealVNC or WinVNC?
 
Originally posted by: ThePiston
Thanks, I will use the VPN probably daily for backups and general "goto" stuff I need on each network. Do you recommend UltraVNC over RealVNC or WinVNC?

I like UltraVNC since it offers easy File transfer and instant Chat.

:sun:

 
Tons of people continue to use Windows PPTP-protocol VPN servers. Or, if they decide that they just HAVE to use Certificates (either for security concerns or because of non-Windows clients), they can use L2TP-protocol and continue to use the built-in VPN server capability of Windows Server.

If you only have a few VPN clients, there's really nothing wrong with using the built-in VPN functionality of Windows Server. And the 128-bit MPPE encryption, while not as THEORETICALLY secure as Certificates, is considered a totally usable protocol for VPN encryption. It's much more likely that somebody will crack a weak password than break MPPE encryption.
 
Are you talking about internal IPs or your external IP?

Internal dynamic IP:
If you use a Windows Server to provide DHCP and DNS services, DHCP will automatically update DNS. So you can reach any internal computer using its name when you are on the VPN or on the internal network. We do it all the time and the only static IP address we have is the VPN server.

If you don't have a DNS server, then you aren't going to be able to use computer names to locate computers in your network. NetBIOS, LMHOSTS, or WINS servers can do this for you, but LMHOSTS is no good with dynamic IPs, you don't have a WINS server, and NetBIOS won't pass through a router.
Edit: Apparently hardware VPN routers can pass NetBIOS information through their VPN tunnel.

EXTERNAL dynamic IP:
No, you don't need a static IP to VPN to your site. Either know its current IP address or use a dynamic DNS service, like no-ip.org, to keep your IP address/domain name updated.
 
I'm talking about external IPs. I guess I'd have to use no-ip.org or simply manually find my IP every time I want to tunnel with the VPN.
 
While hardware VPN appliances are far superior in every way (speed, reliability, flexibility, etc.), in your situation Windows would be OK as it's just a couple of clients.

as far as DNS, any client based VPN can use a DNS name for the other endpoint (and that's normally how you do it...never set anything up using the IP)

hardware VPN = can do anything you want and scale it however you want (think SSL vpns, LAN-2-LAN vpns, hardware encryption, etc)
Windows VPN = don't have to buy anything and it does the job

Us hardcore network geeks never use a server to do the "network's job" due to the endless headaches they cause. But in your case you should be just fine.

The biggest reason and I can see where your friend is coming from is for LAN-2-LAN VPNS using network gear is a "set it and forget it" type of deal. If you're just talking a couple clients using built-in windows software then knock yourself out with that - it will work and it will work well.

-edit- for example the teleworker VPN. You nail up a VPN tunnel to the home router dictating your head end policy - that way you can route and inspect their traffic and send it through the various intrusion scanners and what not.
 
Microsoft claims that a Windows Server 2003 running ISA 2004 is good for 300 to 3000 simultaneous PPTP or L2TP VPN connections (depending on processor speed and network connections). I've never tried that many.....so I don't know what's realistic.
 