[olug] Home network, firewall, vpn design..
Jay Swackhamer
Jay at RebootTheUser.com
Tue Feb 17 17:22:47 UTC 2004
I've set up this type of functionality on a 200 MHz PC that is less than 10%
used while routing internet traffic for a 6 person office and allowing an
incoming VPN for a 3 person remote office. Soon I may have a 'packaged'
tarfile......
Pentium 200 MHz, 128 MB RAM
freeswan
pptpd <-remote users
dhcpd
iptables
> Nathan D. Rotschafer wrote:
>
>> Or save yourself a whole lotta headaches and get yourself a cisco 2611.
>> That router can terminate VPNs, run DHCP, do NAT, static NAT or port
>> forwarding. All in a nice 1U box that never has to have its hardware
>> upgraded :-)
>
> One detail you forgot to mention is that a 26xx is EXTREMELY slow doing
> VPN work unless you get an EXTREMELY EXPENSIVE crypto accelerator
> card... slow to the point where your firewall is the bottleneck, not the
> internet connection, and expensive to the point that it's cheaper to get
> a PIX or a SonicWALL, which can also do IPsec, DHCP, and dynamic and
> static NAT.
>
> Alternatively, just put the VPN functionality on the OpenBSD box ;)
>
> The costs:
> * new Cisco PIX-501: $400
> * new SonicWALL TZ 170: $400
> * used Cisco PIX-506: $700 - $800 (ebay pricing)
> * used Cisco 2611: $500+ (ebay pricing)
> * used PC that'll spank 'em all: under $100. Or "free", since you have
> a P-100 ;)
>
> As you can tell, I'm not a fan of using an IOS router as a firewall...
> I've done it and haven't been impressed compared to a PIX, SonicWALL or
> PC.
>
> --
>
> Phil Brutsche
> phil at brutsche.us
--
Jay Swackhamer
Reboot The User
15791 West Dodge Road
Suite 135
Omaha, NE 68118
(402) 933-6449
(402) 933-6456 Fax
http://www.RebootTheUser.com