dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
959
share rss forum feed

JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online

Looking into ZyWALL USG100

I am now looking into ZyWALL USG100 to be used at home.

Main reason to upgrade from existing router (WRT54GL running Tomato firmware) is that I now have several computers and need to connect to 2 VPN-s at once. One VPN is behind CISCO 4050 router and I use CISCO VPN client for this. Another is Linksys/Cisco »www.amazon.com/8-port-Fast-Ether···n+router and I use standard Windows VPN for this.

Will USG100 be able to connect to both of these at the same time?

In reviews I read that it may be difficult to setup. My level of expertise doesn't extend beyond setting up my WRT54GL. Will I be able to set it up? Don't mind learning as soon as this doesn't take a month.

What are the alternatives? As far as I understand anything from CISCO RV family will work too (is that correct?) but in the office where RV is used we sometimes have strange problem with web pages being only partially displayed. Is RV easier to configure?

My main concern is

1) General stability (my WRT54GL NEVER needs to be rebooted)
2) Stability in maintaining VPN connections
3) Being able to set it up myself but open to hiring someone for a couple hours too.

My current internet provider is OptimumOnline so it had to work with it.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
You may want to look at this first »USG series FW 3.00 Comparison

USG100 supports IPSec VPN, L2TP VPN (Windows VPN) and SSL VPN. Multiple simultaneous connections to the router are not a problem. If you have VPN client on LAN side of a router connecting to internet that's not a problem either.
However if you have a need to create VPN to the router and simultaneously another same kind of VPN to a LAN VPN server that's not possible.

Did you want to connect with the Cisco VPN client to USG? I'm not sure if that's going to work it may need to be tested.

It's fairly easy to setup, lots of how-to on this forum, quite good user guides too.
And you can always come back with specific problems here.

JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
said by Brano:

You may want to look at this first »USG series FW 3.00 Comparison

From looking at this maybe I don't even need USG100 - looks like USG20 will do. The reason I started looking at USG100 is because at this Firewalls Comparison diagram (scroll down a bit):

»www.amazon.com/ZyXEL-Unified-Sec···+usg+200

it shows that only USG100 and higher support L2TP, which seems different from diagram you linked to. On diagram you linked to they all seem to support L2TP. Am I correct that USG20 and USG100 both support it?

said by Brano:

USG100 supports IPSec VPN, L2TP VPN (Windows VPN) and SSL VPN. Multiple simultaneous connections to the router are not a problem. If you have VPN client on LAN side of a router connecting to internet that's not a problem either.
However if you have a need to create VPN to the router and simultaneously another same kind of VPN to a LAN VPN server that's not possible.

Did you want to connect with the Cisco VPN client to USG? I'm not sure if that's going to work it may need to be tested.

It's fairly easy to setup, lots of how-to on this forum, quite good user guides too.
And you can always come back with specific problems here.

Maybe I didn't explain myself clear enough. I need to maintain 2 site-to-site VPN connections from USG*** to 2 other sites (one IPSec, another L2TP). I don't need other sites or clients connect to USG***. Can this be done?

Thanks.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to JoeSchmoe007
Brano......

Can a USG as the poster reiterated......
(1) connect two different computers using VPN clients, one IPSEC via CISCO client and one using WIndows VPN native client L2TP at the same time.
In this case the USG would be simply passing through VPN connections.

(2) connect directly from one computers using USG as a vpn endpoint to the CISCO router IPSEC, and one computer connected via a client L2TP windows connection to the linksys. In this case the USG would pass through an L2TP connection and directly handle the IPSEC VPN connection to the CISCO.

(Note: Depends on if the cisco client is provided (with confidential settings and if so no direct connectivity would be possible)

(3) connect one computer via the cisco client IPSEC, and attempt to setup direct VPN connection from the computer using USG to the linksys - replacing the L2TP scenario. In this case the USG would pass through the IPSEC CISCO VPN connection and directly handle an IPSEC VPN connection to the linksys.

(Note: depends upon the ability to configure or talk with the VPN admin at the linksys vpn router site).

Personally I would prefer option 3 if option 1 was not possible. If the client with all setting is provided that is best as a direct to CISCO VPN would be biatch to setup

Finally, what about the possibilty of SSL VPN to the linksys unit??
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to JoeSchmoe007
The charts on Amazon are from firmware 2.2x, the 3.0x firmware unified most of the functionality across the models .. that's the chart I gave you.
Yes USG20 can be sufficient for you if the other specs are right. Mind the throughput in the charts is one-way and the UTM performance generally sucks (see here »USG200 speed tests #3). But if you don't need UTM then VPN and stability are very good. I personally have USG200 and can't complain (don't use UTM though).
You may consider USG50 if you ever need dual-WAN.

Yes, IPSec/L2TP VPN between various vendors and USG typically works without any issues providing the other party has standard implementation and not something proprietary funky.

JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
reply to JoeSchmoe007
OK, I just talked to Zyxel support on the phone.

From what I understood connecting to to CISCO 4050 via IPSec is possible.

[Correct me if I am wrong] Connecting to another site via L2TP is not possible because L2TP as a protocol is not meant for router-to-router connection - it is only meant for individual computers to connect TO the router. If I want to connect to this device:

»www.amazon.com/8-port-Fast-Ether···n+router

it needs to support IPSec for connection INTO it.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
L2TP is utilizing IPSec for transport.

For site to site it's IPSec only.
For client to site it's L2TP over IPSec. I haven't really ever seen site to site requirement for L2TP (and USG doesn't support L2TP site to site).

Figure out your requirements, I'm pretty sure you'll be OK.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to JoeSchmoe007
Zyxel Support is correct. To reach another router using the USG one must use standard IPSEC VPN. To reach an external vpn router from a computer sitting behind the USG, one must use a client be it IPSEC VPN client, Windows L2TP native client, or an SSL VPN client.

This is the same for any VPN router. Only IPSEC is designed for VPN endpoint router to VPN endpoint router direct connectivity. Here the router decides via the router setup where to terminate the tunnels at either end. SSL VPN and L2TP in my limited knowledge is strictly for client (running on a computer) to vpn endpoint router connectivity.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY

1 edit
reply to JoeSchmoe007
How does USG50 compare to Cisco RV042G (I don't care about Antivirus and Content Filtering in USG50)? I just spoke with our network guy and he recommends RV042G which is what he uses and knows how to configure for site-to-site VPN.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11

1 edit
Go with whatever is your network guy comfortable with. Can't comment on RV042G as I never configured one.
Alternatively, ask here »Linksys