I concur with the Linux solution; however, "Building Linux and OpenBSD
Firewalls" does cover mostly basics. Most of the book is how to install both
OSes. I liked the book personally because I needed the basics at the time.
There is an excellent introduction covering security. For a commercial
product I would recommend Nortel's Contivity Extranet switch. The low end
platform supports 100 IPsec tunnels, either in a branch to branch solution
and/or road warriors. The client is the most user friendly I have seen, and
I have seen most of them. When I was there it was running in the 7K range.
It also supports Linux S/wan for branch to branch to branch. The bad news is
it is another box to manage and I don't think they support any OS for the
client side except Windows. That was a year ago; hopefully things have
changed.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, August 28, 2000 1:46 PM
To: Al Saenz; [EMAIL PROTECTED]
Subject: Re: Do It your Self VPN/Firewall
Al,
#I am looking at building my own firewall and running some kind of VPN for a
#branch office in an employee's home. I would like to implement this solution
#for mobile sales folks too. I have the time to learn and build my own; this
#is why I do not want to purchase a FW/VPN solution. I am concerned and
#confused on how a remote user would gain access without some kind of client
#VPN software. I know that basically one could dial into a RAS server or, if
#the company has a permanent Internet connection, a VPN could be established
#through the Internet. My company has the latter type. I am pretty good
#with Unix so I have no problem with trying to build a Fw/VPN with that OS.
#I am most concerned with the end remote user. I would want it to be
#as transparent as possible.
I think you have two questions here.
1. What is a good Firewall/VPN solution?
2. Does the VPN portion of the above solution have client software that is
easy to use?
For a low cost firewall/VPN solution my first recommendation would be
OpenBSD running IPFilter and their IPSec implementation. My second would
be Linux running IPChains and their IPSec solution. I would also suggest
getting the "Building Linux and OpenBSD Firewalls" book. I bought mine
from Amazon. I don't know anything about the client VPN software for
either but after the initial install there really shouldn't be anything
that your home user has to do except dial-out and login. My experience
with commercial IPSec implementations is that the user side of things after
the install is pretty simple.
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]