[nmglug] firewall and vpn access

Nick Frost nickf at frostitute.com
Tue Mar 5 20:10:40 PST 2013


On 03/05/2013 08:20 PM, Mike Allen wrote:

> Where I work, we have two separate networks, one network with a
> Sonicwall NSA2400 and we use Sonicwall Netextender for SSL-VPN
> connections into the network from outside.  Financial resources are
> tight now so I'm looking for a 'free' or low-cost solution for our
> second network that will also need SSL-VPN or some similar remote
> access.  I have spare PCs and NICs to use but don't know much about
> setting up a firewall or VPN access.  Can this be done with something
> like Untangle or is there something else, hardware / software, needed
> for VPNs or SSL-VPNs?  Behind the firewall will be 2 Linux machines
> and about 30 Windows machines including 2 Windows servers.
> Where would be a good place to start?

Many small businesses use Cisco ASAs as firewalls (e.g. 5505, 5510,
etc.).  I've deployed ASAs with RADIUS for user-level authentication
utilizing FreeRADIUS (which is virtually maintenance free).

There are cheap appliance options that have additional options of
supporting BGP and OSPF if you don't require too many simultaneous SSL
VPN clients (or IPSec):

$153.99
ZyXEL ZyWALL ZWUSG20 Internet Security Firewall with 4 Gigabit LAN / DMZ
Ports, 2 IPSec VPN, SSL VPN, and 3G WAN Support
http://www.newegg.com/Product/Product.aspx?Item=33-181-144&ParentOnly=1

Some people say the Zyxels are complex to configure; I've used several
Zyxel firewall products without difficulties (though I usually use Cisco
ASAs in a business context).  I've only used the Zyxels in
residential implementations but I've had some of them up doing one or
two IPSec VPN for sessions 18 months at a time (Zywall uptime).  One
issue is how many session connections will you need to support?

Another option might be IPFire or pfSense with dual, tri, or quad NICs
on some decent hardware (OEM, or custom build with Tyan, Supermicro,
etc).  IPFire/pfSense are BSD-based.  OpenVPN might be an alternative as
well.

One can deploy OpenVPN with pfSense:

http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
http://openvpn.net/index.php/open-source/downloads.html

I'm sure there are many other options as well.

-Nick

-- 
---------------------------------------
Nicholas S. Frost
7 Avenida Vista Grande #325
Santa Fe, NM  87508
nickf at frostitute.com
http://www.datamender.com/
----------------------------------------


