VPN Server

Jeremy Fowler jfowler at westrope.com
Thu Sep 19 18:48:18 CDT 2002


We use a Cisco VPN 3000 Concentrator here and I love it. Easy web interface for
administering so setting it up was a snap. It supports IPSEC, PPTP, and L2TP
tunnels, so all your bases are covered there. However, I would strongly recommend
IPSEC. You can create local users and groups for authentication or you can use a
RADIUS, NT Domain, or SDI server. The newer versions offer client firewall
protection that is administered with policies from the concentrator. Also you
can enable local network access on the client, so when they want to print to a
local network printer or access something from a local server, they won't need
to disconnect from the VPN. I suggest getting a maintenance agreement from Cisco
so you get access to the updates. There were quite a few security vulnerabilities
found not too long ago, and you needed CCO access in order to download the fixed
versions.

One thing to note: Since IPSEC uses non-port-specific GRE packets for its
tunnels, it makes VPNs not very NAT friendly. So if your VPN server or any of
your clients are going to be behind a NAT-enabled firewall, you might want to
check to see if it's possible to do UDP or TCP encapsulation with whatever
system you choose.

> -----Original Message-----
> From: owner-kclug at marauder.illiana.net
> [mailto:owner-kclug at marauder.illiana.net]On Behalf Of Chris Midkiff
> Sent: Thursday, September 19, 2002 2:43 PM
> To: kclug at kclug.org
> Subject: VPN Server
>
>
> I need to set up a VPN server, so that our people can connect from
> their Win2k clients at home.  At this point, I'm just doing the
> research, and would love to hear some ideas.  I've used VPN Clients
> before, but don't know much about the server side of things.
>
> Has anyone ever done this?  The VPN Howto that I found talks about
> patching (which I have not done) and building (which I have done) a
> new kernel, with X25 support.  This howto also shows setting up a
> valid IP Address for people to connect from.  Most of these people
> are dial-up users, and I have no idea what their address will be.
>
> There are several special purpose distros that have support for VPN
> and X25, such as SmoothWall linux.  Anyone have any experience with
> one of these packages?
>
> Also, we use a SpeedStream DSL Router that lists SecureVPN as an
> optional component.  Might that be worth looking into?
>
> Chris Midkiff
> DataCapture Technologies, INC.
> Chris at datacaptech.com



