Networking hardware suggestions...

I am working with a guy that needs some new networking gear. He has three
sites:
1. Main office, 10 computers, server, etc.
2. Remote office1, 6 computers, uses VPN to access server in main office
3. Remote office2, 2 computers, uses VPN to access server in main office

Right now, all of the sites have cable or DSL modems and basic linksys
routers and hubs. None of the office people are computer savvy, and they are
having some networking problems that cause them to have to reboot the
routers.

I'd like to put all new gear in, here are a my requirements in order of
importance:

1. Rock solid reliability...no reboots required.
2. SNMP support, so I can tell if it has a problem.
3. VPN client and server in hardware so I can connect all of the sites
without having to use PC VPN software.
4. POP3 email virus filtering, etc.
5. 1 or 2 - 1 Gigabit Ethernet ports.

What else should I be looking for?

Any suggestions on hardware to meet these requirements? I'd like to keep
the whole thing in the $2,000 range. What are my options in the $2,000 range
that is close to my requirements and how much will I have to pay if I want a
device that does it all?

Tod

www.snapgear.com

SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg. in
Florida. Check out their family of products. SnapGears will allow you to
perform intrusion detection, provide for gateway-to-gateway vpn and is a
stateful firewall. Depending on the model, the price is around $700.00 per
unit. There are a host of other features so I would give them a look.

"Tod DeBie" <(E-Mail Removed)> wrote in message
news:ue_Sb.1509$(E-Mail Removed)...
> I am working with a guy that needs some new networking gear. He has three
> sites:
> 1. Main office, 10 computers, server, etc.
> 2. Remote office1, 6 computers, uses VPN to access server in main office
> 3. Remote office2, 2 computers, uses VPN to access server in main office
>
> Right now, all of the sites have cable or DSL modems and basic linksys
> routers and hubs. None of the office people are computer savvy, and they
are
> having some networking problems that cause them to have to reboot the
> routers.
>
> I'd like to put all new gear in, here are a my requirements in order of
> importance:
>
> 1. Rock solid reliability...no reboots required.
> 2. SNMP support, so I can tell if it has a problem.
> 3. VPN client and server in hardware so I can connect all of the sites
> without having to use PC VPN software.
> 4. POP3 email virus filtering, etc.
> 5. 1 or 2 - 1 Gigabit Ethernet ports.
>
> What else should I be looking for?
>
> Any suggestions on hardware to meet these requirements? I'd like to keep
> the whole thing in the $2,000 range. What are my options in the $2,000
range
> that is close to my requirements and how much will I have to pay if I want
a
> device that does it all?
>
> Tod
>
>

In article <ue_Sb.1509$(E-Mail Removed)>,
Tod DeBie <(E-Mail Removed)> wrote:
:I am working with a guy that needs some new networking gear.

:I'd like to put all new gear in, here are a my requirements in order of
:importance:

:1. Rock solid reliability...no reboots required.
:2. SNMP support, so I can tell if it has a problem.
:3. VPN client and server in hardware so I can connect all of the sites
:without having to use PC VPN software.
:4. POP3 email virus filtering, etc.
:5. 1 or 2 - 1 Gigabit Ethernet ports.

:Any suggestions on hardware to meet these requirements? I'd like to keep
:the whole thing in the $2,000 range.

Cisco does not have any equipment that does email virus filtering.
Also, as I recall, Cisco does not have any equipment in the $666 price
range ($2000 / 3 offices) that has any gigabit ports at all
[unless perhaps in their Linksys subsiduary.]

For the first three points, the closest Cisco match would be
a 827, 837, or SOHO 97. The 827 is an older model no longer being
improved; the 837 and SOHO 97 are current models.

The PIX 501 would handle points 1 and 3, but it's SNMP support
is not very extensive -- for example, you cannot get per-tunnel
statistics via SNMP on any PIX, and you can't get a list of
current connections. I don't know how extensive the SNMP
support is on the 837 or SOHO 97.
--
IEA408I: GETMAIN cannot provide buffer for WATLIB.

I looked at the Snapgear site. I am a real newbie on VPN.
If they only wanted VPN access to the main office, would one Snapgear Lite,
installed at the main office be adequate as a VPN server? Could they use
VPN client software that comes with windows at the other locations? The
Snapgear lite is only $299.


"TGW" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> www.snapgear.com
>
> SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg.
in
> Florida. Check out their family of products. SnapGears will allow you to
> perform intrusion detection, provide for gateway-to-gateway vpn and is a
> stateful firewall. Depending on the model, the price is around $700.00
per
> unit. There are a host of other features so I would give them a look.
>
> "Tod DeBie" <(E-Mail Removed)> wrote in message
> news:ue_Sb.1509$(E-Mail Removed)...
> > I am working with a guy that needs some new networking gear. He has
three
> > sites:
> > 1. Main office, 10 computers, server, etc.
> > 2. Remote office1, 6 computers, uses VPN to access server in main office
> > 3. Remote office2, 2 computers, uses VPN to access server in main office
> >
> > Right now, all of the sites have cable or DSL modems and basic linksys
> > routers and hubs. None of the office people are computer savvy, and they
> are
> > having some networking problems that cause them to have to reboot the
> > routers.
> >
> > I'd like to put all new gear in, here are a my requirements in order of
> > importance:
> >
> > 1. Rock solid reliability...no reboots required.
> > 2. SNMP support, so I can tell if it has a problem.
> > 3. VPN client and server in hardware so I can connect all of the sites
> > without having to use PC VPN software.
> > 4. POP3 email virus filtering, etc.
> > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> >
> > What else should I be looking for?
> >
> > Any suggestions on hardware to meet these requirements? I'd like to
keep
> > the whole thing in the $2,000 range. What are my options in the $2,000
> range
> > that is close to my requirements and how much will I have to pay if I
want
> a
> > device that does it all?
> >
> > Tod
> >
> >
>
>

You need to determine first what your goal is in terms of access to each
site. Do you need for someone to be able to work remotely from home to the
office and have it be as if they were sitting in the office? Or do you need
to connect the three sites so they would look like one large network, i.e.,
an extranet? The first scenario is a client-to-gateway vpn. The second is
a gateway-to-gateway vpn. In either case, the vpn tunnels can terminate at
the firewall at which time you can apply your filtering rules. From what
you have written below, it sounds as if the second scenario is what you are
trying. If you are that unfamiliar with VPN, I would suggest some quick
reading to become a bit more familiar. I like the O'Reilly books. They are
usually straight forward. O'Reilly has a VPN book, ISBN 1-56592-529-7.

Good Luck,


"Alan White" <(E-Mail Removed)> wrote in message
news59Tb.80$(E-Mail Removed)...
> I looked at the Snapgear site. I am a real newbie on VPN.
> If they only wanted VPN access to the main office, would one Snapgear
Lite,
> installed at the main office be adequate as a VPN server? Could they use
> VPN client software that comes with windows at the other locations? The
> Snapgear lite is only $299.
>
>
> "TGW" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > www.snapgear.com
> >
> > SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg.
> in
> > Florida. Check out their family of products. SnapGears will allow you
to
> > perform intrusion detection, provide for gateway-to-gateway vpn and is a
> > stateful firewall. Depending on the model, the price is around $700.00
> per
> > unit. There are a host of other features so I would give them a look.
> >
> > "Tod DeBie" <(E-Mail Removed)> wrote in message
> > news:ue_Sb.1509$(E-Mail Removed)...
> > > I am working with a guy that needs some new networking gear. He has
> three
> > > sites:
> > > 1. Main office, 10 computers, server, etc.
> > > 2. Remote office1, 6 computers, uses VPN to access server in main
office
> > > 3. Remote office2, 2 computers, uses VPN to access server in main
office
> > >
> > > Right now, all of the sites have cable or DSL modems and basic linksys
> > > routers and hubs. None of the office people are computer savvy, and
they
> > are
> > > having some networking problems that cause them to have to reboot the
> > > routers.
> > >
> > > I'd like to put all new gear in, here are a my requirements in order
of
> > > importance:
> > >
> > > 1. Rock solid reliability...no reboots required.
> > > 2. SNMP support, so I can tell if it has a problem.
> > > 3. VPN client and server in hardware so I can connect all of the sites
> > > without having to use PC VPN software.
> > > 4. POP3 email virus filtering, etc.
> > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > >
> > > What else should I be looking for?
> > >
> > > Any suggestions on hardware to meet these requirements? I'd like to
> keep
> > > the whole thing in the $2,000 range. What are my options in the $2,000
> > range
> > > that is close to my requirements and how much will I have to pay if I
> want
> > a
> > > device that does it all?
> > >
> > > Tod
> > >
> > >
> >
> >
>
>

Thanks for the tip. Now a trip to the book store, buy a Starbuck coffee and
start to look at O'Reilly
Need to get a better understanding of some of the principals involved. I
always assumed a big hardware cost for VPN host or server end.


"TGW" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You need to determine first what your goal is in terms of access to each
> site. Do you need for someone to be able to work remotely from home to
the
> office and have it be as if they were sitting in the office? Or do you
need
> to connect the three sites so they would look like one large network,
i.e.,
> an extranet? The first scenario is a client-to-gateway vpn. The second
is
> a gateway-to-gateway vpn. In either case, the vpn tunnels can terminate
at
> the firewall at which time you can apply your filtering rules. From what
> you have written below, it sounds as if the second scenario is what you
are
> trying. If you are that unfamiliar with VPN, I would suggest some quick
> reading to become a bit more familiar. I like the O'Reilly books. They
are
> usually straight forward. O'Reilly has a VPN book, ISBN 1-56592-529-7.
>
> Good Luck,
>
>
> "Alan White" <(E-Mail Removed)> wrote in message
> news59Tb.80$(E-Mail Removed)...
> > I looked at the Snapgear site. I am a real newbie on VPN.
> > If they only wanted VPN access to the main office, would one Snapgear
> Lite,
> > installed at the main office be adequate as a VPN server? Could they
use
> > VPN client software that comes with windows at the other locations?
The
> > Snapgear lite is only $299.
> >
> >
> > "TGW" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > www.snapgear.com
> > >
> > > SnapGear is owned by Cyberguard Corporation, an Enterprise firewall
mfg.
> > in
> > > Florida. Check out their family of products. SnapGears will allow
you
> to
> > > perform intrusion detection, provide for gateway-to-gateway vpn and is
a
> > > stateful firewall. Depending on the model, the price is around
$700.00
> > per
> > > unit. There are a host of other features so I would give them a look.
> > >
> > > "Tod DeBie" <(E-Mail Removed)> wrote in message
> > > news:ue_Sb.1509$(E-Mail Removed)...
> > > > I am working with a guy that needs some new networking gear. He has
> > three
> > > > sites:
> > > > 1. Main office, 10 computers, server, etc.
> > > > 2. Remote office1, 6 computers, uses VPN to access server in main
> office
> > > > 3. Remote office2, 2 computers, uses VPN to access server in main
> office
> > > >
> > > > Right now, all of the sites have cable or DSL modems and basic
linksys
> > > > routers and hubs. None of the office people are computer savvy, and
> they
> > > are
> > > > having some networking problems that cause them to have to reboot
the
> > > > routers.
> > > >
> > > > I'd like to put all new gear in, here are a my requirements in order
> of
> > > > importance:
> > > >
> > > > 1. Rock solid reliability...no reboots required.
> > > > 2. SNMP support, so I can tell if it has a problem.
> > > > 3. VPN client and server in hardware so I can connect all of the
sites
> > > > without having to use PC VPN software.
> > > > 4. POP3 email virus filtering, etc.
> > > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > > >
> > > > What else should I be looking for?
> > > >
> > > > Any suggestions on hardware to meet these requirements? I'd like to
> > keep
> > > > the whole thing in the $2,000 range. What are my options in the
$2,000
> > > range
> > > > that is close to my requirements and how much will I have to pay if
I
> > want
> > > a
> > > > device that does it all?
> > > >
> > > > Tod
> > > >
> > > >
> > >
> > >
> >
> >
>
>

In article <ue_Sb.1509$(E-Mail Removed)>,
(E-Mail Removed) says...
> I am working with a guy that needs some new networking gear. He has three
> sites:
> 1. Main office, 10 computers, server, etc.
> 2. Remote office1, 6 computers, uses VPN to access server in main office
> 3. Remote office2, 2 computers, uses VPN to access server in main office
>
> Right now, all of the sites have cable or DSL modems and basic linksys
> routers and hubs. None of the office people are computer savvy, and they are
> having some networking problems that cause them to have to reboot the
> routers.
>
> I'd like to put all new gear in, here are a my requirements in order of
> importance:
>
> 1. Rock solid reliability...no reboots required.
> 2. SNMP support, so I can tell if it has a problem.
> 3. VPN client and server in hardware so I can connect all of the sites
> without having to use PC VPN software.
> 4. POP3 email virus filtering, etc.
> 5. 1 or 2 - 1 Gigabit Ethernet ports.
>
> What else should I be looking for?

First, there is the cheap way and then the non-cheap way:

1 - Cheap method

Use Linksys VPN routers with fixed public IP's to connect the home
office and remote offices, these units run 24/7 and have not needed
rebooted in 6 months at over 100 locations.

Use Gig switches where needed - you really don't need gig I imagine.

Personal VPN - you don't really want a client based VPN, that means
licenses and that you have to install and maintain it. Get something
that works with Windows 2000 or XP Prof (like Linksys) and you are good
to go.

POP3 filtering - has nothing to do with the firewall, get Norton AV
Corporate edition, install on a server and push to client workstations.
Disable ability of users to control updates or disable it using the NAV
Server console.

2 - expensive method

Install a firewall at the home office - WatchGuard Firebox 700 (I like
the 1000 better, but it's out of your price range).

Setup Linksys VPN routers at remote offices - these will maintain a
IPSec tunnel (as above) to the WB FB700 24/7.

The FB700 comes with VPN client software, but a simple PPTP will also
work, then use VNC once through the VPN.

Gig - same as above, buy what you need for where you need it.

POP3 filtering - again, install NAV Corporate edition and filter POP at
clients. If you have your own email server then get Symantec SBE 8.1
with Exchange filtering (does virus, attachment, spam, etc....)

3 - in both examples, install VNC on each node to allow you to connect
to it once you VPN into the office/network.


--
--
(E-Mail Removed)
(Remove 999 to reply to me)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Need to get a better understanding of some of the principals
> involved. I always assumed a big hardware cost for VPN host or
> server end.

no, there are some really cheap (or free if you already have some of
the hardware and software) solutions out there. heck, windows OSs
have been able to act as VPN clients since win98 (maybe even win95C
or something), and NT,2K,XP,2K3 can all act as a VPN server. Linux is
also capable of all this.

there are two dominant protocols to look at: PPTP (i believe this is
a Mocro$oft creation) and L2TP which depends on IPSec. PPTP is really
simple to set up, L2TP is typically more complicated, requiring
certificates and such. there are some other less used protocols as
well.

oliver

>
>
> "TGW" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > You need to determine first what your goal is in terms of access
> > to each site. Do you need for someone to be able to work
> > remotely from home to
> the
> > office and have it be as if they were sitting in the office? Or
> > do you
> need
> > to connect the three sites so they would look like one large
> > network,
> i.e.,
> > an extranet? The first scenario is a client-to-gateway vpn. The
> > second
> is
> > a gateway-to-gateway vpn. In either case, the vpn tunnels can
> > terminate
> at
> > the firewall at which time you can apply your filtering rules.
> > From what you have written below, it sounds as if the second
> > scenario is what you
> are
> > trying. If you are that unfamiliar with VPN, I would suggest
> > some quick reading to become a bit more familiar. I like the
> > O'Reilly books. They
> are
> > usually straight forward. O'Reilly has a VPN book, ISBN
> > 1-56592-529-7.
> >
> > Good Luck,
> >
> >
> > "Alan White" <(E-Mail Removed)> wrote in message
> > news59Tb.80$(E-Mail Removed)...
> > > I looked at the Snapgear site. I am a real newbie on VPN. If
> > > they only wanted VPN access to the main office, would one
> > > Snapgear
> > Lite,
> > > installed at the main office be adequate as a VPN server?
> > > Could they
> use
> > > VPN client software that comes with windows at the other
> > > locations?
> The
> > > Snapgear lite is only $299.
> > >
> > >
> > > "TGW" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > www.snapgear.com
> > > >
> > > > SnapGear is owned by Cyberguard Corporation, an Enterprise
> > > > firewall
> mfg.
> > > in
> > > > Florida. Check out their family of products. SnapGears will
> > > > allow
> you
> > to
> > > > perform intrusion detection, provide for gateway-to-gateway
> > > > vpn and is
> a
> > > > stateful firewall. Depending on the model, the price is
> > > > around
> $700.00
> > > per
> > > > unit. There are a host of other features so I would give
> > > > them a look.
> > > >
> > > > "Tod DeBie" <(E-Mail Removed)> wrote in message
> > > > news:ue_Sb.1509$(E-Mail Removed)...
> > > > > I am working with a guy that needs some new networking
> > > > > gear. He has
> > > three
> > > > > sites:
> > > > > 1. Main office, 10 computers, server, etc.
> > > > > 2. Remote office1, 6 computers, uses VPN to access server
> > > > > in main
> > office
> > > > > 3. Remote office2, 2 computers, uses VPN to access server
> > > > > in main
> > office
> > > > >
> > > > > Right now, all of the sites have cable or DSL modems and
> > > > > basic
> linksys
> > > > > routers and hubs. None of the office people are computer
> > > > > savvy, and
> > they
> > > > are
> > > > > having some networking problems that cause them to have to
> > > > > reboot
> the
> > > > > routers.
> > > > >
> > > > > I'd like to put all new gear in, here are a my requirements
> > > > > in order
> > of
> > > > > importance:
> > > > >
> > > > > 1. Rock solid reliability...no reboots required.
> > > > > 2. SNMP support, so I can tell if it has a problem.
> > > > > 3. VPN client and server in hardware so I can connect all
> > > > > of the
> sites
> > > > > without having to use PC VPN software.
> > > > > 4. POP3 email virus filtering, etc.
> > > > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > > > >
> > > > > What else should I be looking for?
> > > > >
> > > > > Any suggestions on hardware to meet these requirements?
> > > > > I'd like to
> > > keep
> > > > > the whole thing in the $2,000 range. What are my options in
> > > > > the
> $2,000
> > > > range
> > > > > that is close to my requirements and how much will I have
> > > > > to pay if
> I
> > > want
> > > > a
> > > > > device that does it all?
> > > > >
> > > > > Tod
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQB4o97coUT0UavXJEQK/wwCeIQfs097xQDEF1hA1y36v0+QUBV4AoIJ/
hyI5ZUoi02F4loOx09MbSD+U
=2Trv
-----END PGP SIGNATURE-----

In article <1OpTb.2151$(E-Mail Removed)>,
Oliver O'Boyle <(E-Mail Removed)> wrote:
:there are two dominant protocols to look at: PPTP (i believe this is
:a Mocro$oft creation) and L2TP which depends on IPSec. PPTP is really
:simple to set up, L2TP is typically more complicated, requiring
:certificates and such. there are some other less used protocols as
:well.

IPsec never requires certificates: you can use pre-shared keys.
Certificates certainly help increase scalability! but if you
only have a few sites or the sites only ever talk to one other site
(instead of having to talk to each other too) then pre-shared
can be sustainable too.
--
Before responding, take into account the possibility that the Universe
was created just an instant ago, and that you have not actually read
anything, but were instead created intact with a memory of having read it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=> IPsec never requires certificates: you can use pre-shared keys.
> Certificates certainly help increase scalability! but if you
> only have a few sites or the sites only ever talk to one other site
> (instead of having to talk to each other too) then pre-shared
> can be sustainable too.

true. i forgot about that option. thanks.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQB6pIbcoUT0UavXJEQLDLQCfS81R7/PbglplCTZhdOrrXECvG5oAn3HV
AGuJAz3lzEKvsgcPS3lPou8p
=NydZ
-----END PGP SIGNATURE-----