[nmglug] firewall and vpn access

Mike Allen mike at mountainstatestech.com
Wed Mar 6 18:36:40 PST 2013 

Thanks Nick,  Today I was looking at Endian community and openVPN and 
started setting it
up on a pc but something like the Zyzel is definitely affordable and may be
a little better solution.

The Zyzel USG50
http://www.newegg.com/Product/Product.aspx?Item=33-181-137%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
has 2 wan ports and isn't much more expensive.  I am curious about the 
this though:

Max. Concurrent IPSec VPN Tunnels: 5
Max. Concurrent SSL VPN Users: 5
Included SSL VPN Users: 2

What does that last line mean about included ssl vpn users ?
  Does that mean I have to purchase more if more than two users need 
access ?

and too many new acronyms to lookup ;-)








On 3/5/2013 9:10 PM, Nick Frost wrote:
> On 03/05/2013 08:20 PM, Mike Allen wrote:
>
>> Where I work, we have two separate networks, one network with a
>> Sonicwall NSA2400 and we use Sonicwall Netextender for SSL-VPN
>> connections into the network from outside.  Financial resources are
>> tight now so I'm looking for a 'free' or low-cost solution for our
>> second network that will also need SSL-VPN or some similar remote
>> access.   I have spare PC's and NICS to use but don't know much about
>> setting up a firewall or VPN access.  Can this  be done with something
>> like Untangle or is there something else, hardware / software,  needed
>> for VPN's or SSL-VPN's ?  Behind the firewall will be 2 linux machines
>> and about 30 windows machines including 2 windows servers.
>> Where would be a good place to start ?
> Many small businesses use Cisco ASA's as firewalls (e.g. 5505, 5510.
> etc.)  I've deployed ASA's with RADIUS for user-level authentication
> utilizing FreeRADIUS (which is virtually maintenance free).
>
> There are cheap appliance options that have additional options of
> supporting BGP and OSPF if you don't require too many simultaneous SSL
> VPN clients (or IPSec);
>
> $153.99
> ZyXEL ZyWALL ZWUSG20 Internet Security Firewall with 4 Gigabit LAN / DMZ
> Ports, 2 IPSec VPN, SSL VPN , and 3G WAN Support
> http://www.newegg.com/Product/Product.aspx?Item=33-181-144&ParentOnly=1
>
> Some people say the Zyxel's are complex to configure, I've used several
> Zyxel firewall products without difficulties (though I use Cisco ASA's
> usually in a business context).  I've only used the Zyxel's in
> residential implementations but I've had some of them up doing one or
> two IPSec VPN for sessions 18 months at a time (Zywall uptime).  One
> issue is how many session connections will you need to support?
>
> Another option might be IPFire or Pfsense with dual, tri, or quad NIC's
> on some decent hardware (OEM, or custom build with Tyan, Supermicro,
> etc).  IPFire/Pfsense are BSD based.  OpenVPN might be an alternative as
> well.
>
> One can deploy OpenVPN with Pfsense;
>
> http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
> http://openvpn.net/index.php/open-source/downloads.html
>
> I'm sure there are many other options as well.
>
> -Nick
>

More information about the nmglug mailing list