[nmglug] firewall and vpn access

Andrew Farnsworth farnsaw at stonedoor.com
Wed Mar 6 22:04:24 PST 2013


Yes, that is exactly what it means.  It means you are buying a license
for two concurrent SSL VPN users... if you want more than two at a
time, you have to buy additional licenses.  SSL VPN is convenient for
when you are roaming about and may not be on your own computer but
IPSec VPN will generally get you onto your internal network as if you
were in house.

More Information: http://searchsecurity.techtarget.com/definition/SSL-VPN

Andy

On Wed, Mar 6, 2013 at 9:36 PM, Mike Allen <mike at mountainstatestech.com> wrote:
> Thanks Nick. Today I was looking at Endian Community and OpenVPN and
> started setting it up on a PC, but something like the ZyXEL is definitely
> affordable and may be a little better solution.
>
> The ZyXEL USG50
> http://www.newegg.com/Product/Product.aspx?Item=33-181-137
> has 2 WAN ports and isn't much more expensive.  I am curious about this
> though:
>
> Max. Concurrent IPSec VPN Tunnels: 5
> Max. Concurrent SSL VPN Users: 5
> Included SSL VPN Users: 2
>
> What does that last line mean about included SSL VPN users?
> Does that mean I have to purchase more if more than two users need access?
>
> And too many new acronyms to look up ;-)
>
> On 3/5/2013 9:10 PM, Nick Frost wrote:
>>
>> On 03/05/2013 08:20 PM, Mike Allen wrote:
>>
>>> Where I work, we have two separate networks, one network with a
>>> Sonicwall NSA2400 and we use Sonicwall Netextender for SSL-VPN
>>> connections into the network from outside.  Financial resources are
>>> tight now so I'm looking for a 'free' or low-cost solution for our
>>> second network that will also need SSL-VPN or some similar remote
>>> access.  I have spare PCs and NICs to use but don't know much about
>>> setting up a firewall or VPN access.  Can this be done with something
>>> like Untangle or is there something else, hardware / software, needed
>>> for VPNs or SSL-VPNs?  Behind the firewall will be 2 Linux machines
>>> and about 30 Windows machines including 2 Windows servers.
>>> Where would be a good place to start ?
>>
>> Many small businesses use Cisco ASAs as firewalls (e.g. 5505, 5510,
>> etc.).  I've deployed ASAs with RADIUS for user-level authentication
>> utilizing FreeRADIUS (which is virtually maintenance free).
>>
>> There are cheap appliance options that have additional options of
>> supporting BGP and OSPF if you don't require too many simultaneous SSL
>> VPN clients (or IPSec);
>>
>> $153.99
>> ZyXEL ZyWALL ZWUSG20 Internet Security Firewall with 4 Gigabit LAN / DMZ
>> Ports, 2 IPSec VPN, SSL VPN , and 3G WAN Support
>> http://www.newegg.com/Product/Product.aspx?Item=33-181-144&ParentOnly=1
>>
>> Some people say the ZyXELs are complex to configure; I've used several
>> ZyXEL firewall products without difficulties (though I use Cisco ASAs
>> usually in a business context).  I've only used the ZyXELs in
>> residential implementations but I've had some of them up doing one or
>> two IPSec VPN for sessions 18 months at a time (ZyWALL uptime).  One
>> issue is how many session connections will you need to support?
>>
>> Another option might be IPFire or pfSense with dual, tri, or quad NICs
>> on some decent hardware (OEM, or custom build with Tyan, Supermicro,
>> etc).  IPFire/pfSense are BSD-based.  OpenVPN might be an alternative as
>> well.
>>
>> One can deploy OpenVPN with pfSense:
>>
>> http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
>> http://openvpn.net/index.php/open-source/downloads.html
>>
>> I'm sure there are many other options as well.
>>
>> -Nick
>>
>