dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2506
share rss forum feed

antifan

join:2013-03-29
Mesa, AZ

Sub $300 VPN Router

Hello,

I was hoping some of you might have real world experience using some of the hardware I'm looking into buying. My company has a Netgear Prosafe VPN router at the main branch (not sure of model) and I need to install a similar option at my home (working remotely). It'll be an IPSEC VPN. I'd prefer to stay away from Netgear myself as the reviews are bad and firewall throughput is low for my needs until you hit close to $400 for an SRX5308.

I have Cox cable and I get 65/25 on a consistent basis with throughput steady on long downloads.

I'd like to buy a router with firewall wan-to-lan performance that can easily handle this. The VPN performance at this time doesn't have to be better than 2/2 as our main office has a T1 or similar so throughput isn't very high. I'll be using site to site vpn for the connection as I have a device that I can't configure manually that needs to traverse the VPN. I've been looking at these two:

CISCO RV220W (Curious about WDS performance)
ZYXEL USG 50 (Wan to lan throughput?)
Sonicwall TZ 105 (don't know anything about this one yet)

I can't find any reviews or benchmarks that show real world throughput on the USG 50. I saw a review on smallnetbuilder for the USG 20 and it gets 58Mbit wan to lan which is slightly slower than I want. The Cisco seems like it can do what I want - just wanted to make sure I was getting the best router I can find. I saw other people recommending the Sonicwall TZ 100 (only saw a TZ 105 at Newegg). If it makes a difference I'll be using a VOIP phone and laptop mainly with the VPN connection and my wife also uses a software VPN client to connect to her office which is a Sonicwall product.

I'm about ready to pull the trigger on the RV220W unless somebody can convince me one of the other two work be a better choice. Wireless functionality isn't important as I have a 802.11N router I can set as an access point if need be and dual wan capability is not a requirement either.

Thanks,
Tim

Oh - one other thing:
If there's a way to handle this on one router that'd be awesome:
Subnet 1 or VLAN?: VPN computer/phone can see remote site and each other but nothing else on my network
Subnet 2 or VLAN?: Sees local devices INCLUDING the devices using the VPN.

For instance laptop on subnet 1 and another computer on my network on subnet 2 can connect to the laptop and access a share folder but the laptop can't connect to the computer on subnet 2.

I had this setup before like this:
Cable modem -> VPN ROUTER 192.168.11.1 -> Home Router 192.168.12.1

192.168.12.1 could see 192.168.11.1 but not vice versa. I'll set it up this way again if it's not possible via software/firmware on the new router.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

2 edits

The USG50 numbers.........
»USG series FW 3.00 Comparison

I havent used the other two but am quite happy with my USG routers (100) (300) and have 50 30 fibre op service.

As far as your previous setup with double nat,,,,,,,,,,, Is basically a less than ideal setup due to the fact that the primary router is not all that capable. The USG 50 can accommodate the setups you seek. There are three LANS, LAN1, LAN2 and LAN3 that come under firewall managment. IN other words you can block all traffic between them, to poking holes one or two way between them or have full two way access between them. The router handles VLAN traffic as well.

As far as directing or routing VPN traffic that is all programmable yes. At tjat price point, with features and throughput desired the 50 is a good match. There is free support and free firmware upgrades. Now Zyxel seems to pushing out newer USG units with higher throughputs as we recently learned about a USG100+, so it may be worth your while to wait and see if there is a USG50+, but that may raise the street price over $300.

»ftp://ftp.zyxel.com/ZyWALL_USG_50/data···50_6.pdf


antifan

join:2013-03-29
Mesa, AZ

Thanks, I've seen a similar diagram before showing the manufacturer stated throughput but with the smallnetbuilder review of the USG 20 they were only getting 58mbit throughput one way. I'm leery of basing my purchase on manufacturers claims.. they don't always test the same way people do in real world situations.

Edit: replied before seeing your whole post. The USG 50 looks good - hopefully somebody knows of a review that tested maximum throughput. The USG 20 was reviewed here: »www.smallnetbuilder.com/security···-gateway


HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to antifan

Anav is a goto guy for anything Zyxel USG related.

Smallnetbuilder would be the goto place to get throughput numbers for the RV220 -- try this one.

Sonicwall is in around the class of the Prosafe. I haven't used one directly, but they seem to be fairly decent
pieces of kit. Here's Sonicwall's numbers so take em with a grain of salt. Other thing is the 105 specifically is FE
not GigE interfaces, not sure if you're expecting GigE connectivity.

Most definately the RV220W and the Sonicwall can handle multiple VLANs... also both have online simulators
of the device's interface so you can play around and see how comfortable you are with the UI.

My 00000010bits

Regards



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to antifan

USG 50, 100,200,300 20% off plus free shipping.

»www.newegg.com/Product/Product.a···Parent=1

»www.newegg.com/Product/Product.a···Parent=1


antifan

join:2013-03-29
Mesa, AZ

Thanks - I was looking at the reviews on it this morning and decided to go for it after I saw the discount. The reviews on the Cisco RV220W just weren't great in comparison and with this being $191 shipped with shoprunner I couldn't pass it up. The throughput should be fine for what I need and most reviews were positive about the features.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Visit us over at the zyxel forum when you do get it for a walk through and tech support is available 18002554101 ext5 from 8-5pm california time. Be advised for difficult setups they will probably have to raise it up to tier 2.



Samir

join:2010-02-06
Madison, AL
reply to antifan

I'm in the same boat as you except I need to make a bunch of site-to-site VPNs a lot more stable. How do you like your Zyxel?
--
Huntsville's Premiere Car and Bike Enthusiast website: www.huntsvillecarscene.com


antifan

join:2013-03-29
Mesa, AZ

Hi Samir,

Once I had the correct VPN settings for my office it was fairly straightforward on the setup. There's a lot more steps to go through on this than when I've used residential routers but there's also a more customization that can be done.

I have one VPN connection setup that seems to be stable but I've been having ISP/internet connection issues since I set up the VPN which appear to be unrelated/coincidence so I can't say exactly how well it's worked out.

Just note - there are a few services that are premium subscription based ones that are something like $60 - $100/yr - I haven't checked in awhile. I'm not sure if any other similarly priced/performing routers offer those types of services for free but if you're interested in them you should weigh the costs of the hardware and subscription fees together when making a purchase.

As far as performance goes it definitely keeps up with my broadband connection and the VPN doesn't affect it at all. My connection is 65Mbit down / 25 up. I only use one WAN connection. There is an SSL VPN connection available for 2 users at a time that I haven't tested but it looks like a really nice feature if you want to connect remotely to your network. I've blocked WAN HTTP though but it's enabled by default and from that interface there is an option to log in via SSL.

All in all I like it and it does what I need. It was the best reviewed and least expensive device I could have purchased at the time. I have this installed in my home and I have an array of devices/gaming consoles/etc.. - besides one or two rules I had to setup there hasn't been an issue with any devices or software I've wanted to use.


HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to antifan

Since this thread was necro-raised... if you're in the market for appliance-based, why not this one?

I know it's been mentioned in the Networking forums a couple times, and price-to-performance is pretty d**n good.

Regards



Samir

join:2010-02-06
Madison, AL
reply to antifan

Thank you so much for the quick reply. I'm reading the manual now and this is definitely a enterprise class router! Lots of stuff to learn, but the documentation is really detailed, and from what I've read, support is great too.

Sure beats the others in this price range on those two alone. I think if a lamp timer can't fix my current head-end vpn point, this will be my router of choice.
--
Huntsville's Premiere Car and Bike Enthusiast website: www.huntsvillecarscene.com