[nmglug] firewall and vpn access

Mike Allen mike at mountainstatestech.com
Wed Mar 6 18:36:40 PST 2013

Thanks Nick. Today I was looking at Endian community and OpenVPN and
started setting it up on a PC, but something like the Zyxel is definitely
affordable and may be a little better solution.

The Zyxel USG50 has 2 WAN ports and isn't much more expensive. I am
curious about this though:

Max. Concurrent IPSec VPN Tunnels: 5
Max. Concurrent SSL VPN Users: 5
Included SSL VPN Users: 2

What does that last line mean about included SSL VPN users? Does that
mean I have to purchase more if more than two users need access?

And too many new acronyms to look up ;-)

On 3/5/2013 9:10 PM, Nick Frost wrote:
> On 03/05/2013 08:20 PM, Mike Allen wrote:
>> Where I work, we have two separate networks, one network with a
>> Sonicwall NSA2400 and we use Sonicwall Netextender for SSL-VPN
>> connections into the network from outside.  Financial resources are
>> tight now so I'm looking for a 'free' or low-cost solution for our
>> second network that will also need SSL-VPN or some similar remote
>> access.   I have spare PC's and NICS to use but don't know much about
>> setting up a firewall or VPN access.  Can this  be done with something
>> like Untangle or is there something else, hardware / software,  needed
>> for VPN's or SSL-VPN's ?  Behind the firewall will be 2 linux machines
>> and about 30 windows machines including 2 windows servers.
>> Where would be a good place to start ?
> Many small businesses use Cisco ASA's as firewalls (e.g. 5505, 5510,
> etc.)  I've deployed ASA's with RADIUS for user-level authentication
> utilizing FreeRADIUS (which is virtually maintenance free).
> There are cheap appliance options that have additional options of
> supporting BGP and OSPF if you don't require too many simultaneous SSL
> VPN clients (or IPSec);
> $153.99
> ZyXEL ZyWALL ZWUSG20 Internet Security Firewall with 4 Gigabit LAN / DMZ
> Ports, 2 IPSec VPN, SSL VPN , and 3G WAN Support
> http://www.newegg.com/Product/Product.aspx?Item=33-181-144&ParentOnly=1
> Some people say the Zyxel's are complex to configure; I've used several
> Zyxel firewall products without difficulties (though I use Cisco ASA's
> usually in a business context).  I've only used the Zyxel's in
> residential implementations but I've had some of them up doing one or
> two IPSec VPN for sessions 18 months at a time (Zywall uptime).  One
> issue is how many session connections will you need to support?
> Another option might be IPFire or Pfsense with dual, tri, or quad NIC's
> on some decent hardware (OEM, or custom build with Tyan, Supermicro,
> etc).  IPFire/Pfsense are BSD based.  OpenVPN might be an alternative as
> well.
> One can deploy OpenVPN with Pfsense;
> http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
> http://openvpn.net/index.php/open-source/downloads.html
> I'm sure there are many other options as well.
> -Nick
