 foneguy9
join:2003-01-03 Pasadena, CA
| Recommendations for VPN Router for Telecommuter?
Hello again,
I have clients that are looking for hardware that I could recommend for telecommuters that will be using the NEC NEAX 2000 IPS IP phone sets. These are actual phones with, basically, a NIC card/2 port Switch connected to the bottom of it. In order for these to work, NEC requires an IPSec VPN session if the IP-PBX is behind a firewall. The clients want to set up behind a Cisco at the office, which shouldn't have a problem establishing a VPN tunnel. On the telecommuter's end, I can't be sure what they have yet, however, I was told possibly a Dlink or Linksys Wireless router. I have only been testing with Public IP addresses with the clients from our office to theirs. Would you think that a ZyWALL P1 would work in this kind of environment? The user would be sharing this session for data as well as the VoIP station. Or they may need 2 separate VPN tunnels, one for data and one for the VoIP station. Their IT department hasn't made up their minds on this yet.
NEC IP phone is using G.729a compression.
Any hardware recommendations are welcome! Thanks for any input! |
|
 DavidJWood Premium join:2001-10-12 UK
| ZyWALL P1 is a possibility, with two provisos.
Firstly, the P1 only supports a single IPsec connection - even if you can configure more, it only allows one connection to be active at once. Secondly, ZyNOS 3.64, the only version available for the P1, is brand new, as is the P1. The new IPsec code in 3.64 seems a bit buggy at the moment. I'm sure ZyXEL will sort it, but that will probably take another few weeks.
You may find it easier to use the P1 as the router (it is a full NAT / multi-NAT router) and use another device to provide wireless.
Another possibility that comes to mind is to use a ZyWALL 2 - it's an older device and is basically end of life so far as firmware development goes. It's likely only to get bugfixes, and not to get 3.64 firmware with the new IPsec code certified to the latest ICSA IPsec requirements. However, it does have two VPN tunnels and a built in 4 port switch.
I couldn't recommend looking at the ZyWALL 2WE - it's never enjoyed the same frequency of firmware updates as the ZyWALL 2, and the wireless is 802.11b only with no WPA support.
The nicest ZyXEL option would be a ZyWALL 5 with a ZyAIR G-110 wireless card - that would do everything talked about (802.11g wireless with WPA, 4 port switch, several IPsec tunnels, and, if you want it, hardware DMZ) in one device, but is likely to be over the budget.
Vantage CNM would offer a remote management solution if it's wanted.
David (who has a ZyWALL 35 in the rack behind him) |
|
  kenn10
join:2003-09-10 Kennesaw, GA
| reply to foneguy9 The Avaya series SG-200 routers/VPN Firewall might work for you. It lets you have phones and computers tunnel in to your network. Here's a link: »www.avaya.com/gcm/master-usa/en-···g200.htm |
|
 keason Premium join:2002-05-02 Ann Arbor, MI
| reply to foneguy9 Re: Recommendations for VPN Router for Telecommute
I'd recommend the Fortinet firewalls - (use the router or modem provided by the ISP).
These units support Dynamic DNS for VPN, very helpful to keep costs down for your ISP service. They also do virus scanning on the VPN tunnel - a major threat for any corporate network.
List is $495 for the 50A model, designed for 1-5 user network. It has all of the usual stuff - DHCP server, Virus Scanning, Intrusion Detection/Prevention, Blended threat detection and also scans for Adware, Malware, keyloggers, Trojans, etc. etc.
I've used these with both H323 and SIP devices and they work well. You can also set them to feed info back to the syslog server at your main site. |
|
 foneguy9
join:2003-01-03 Pasadena, CA
| reply to DavidJWood Thanks David! The info offered is great, but to clarify, the wireless side of the router isn't necessary. I was trying to explain that the Dlink or Linksys wireless router is the device that customer has now. It isn't necessary for my recommendation.
Though your explanation is short and sweet 
I could suggest the Zywall 5 and let them know, 'here's a device with all these bells and whistles, you can consolidate ALL your devices, you're going to love it, oh, and by the way, this is how much $$$$'  |
|
 foneguy9
join:2003-01-03 Pasadena, CA
| Kenn, The Avaya looks pretty good, however, my company up and ups might not be too kind on the Avaya (competitor) :D I couldn't find a price on the web site, I suppose you have to call to order? Looks like it will get my job done!
The Fortinet Firewall model 50A looks good, especially, the feed to the syslog server. The IT would eat that up!!!
Great suggestions!! |
|
  Dunga Bee Put A Little Butter On It
join:2004-07-26 Pittsburgh, PA
| reply to foneguy9 Re: Recommendations for VPN Router for Telecommuter?
You may want to look at something like m0n0wall. »m0n0.ch/wall
It's a very feature rich and free firewall based on BSD.
It's designed to be installed on a solid state (no HDD) box like a Wrap. These can be purchased with 2-3 NICs in them for around $150 or less. I believe the m0n0 site has info on where you can purchase them.
m0n0 can also be installed on a normal low end PC as well, if you or the users have any to spare.
I've been using m0n0 and a m0n0 derivative pfSense (»www.pfsense.com) for some time now and have been amazed with the amount of power and flexibility they offer for free. IMHO, unless I really needed something that only a high end Cisco unit needed, I would use m0n0 or pfSense anyplace I needed a firewall.
Check them out and see what you think.
Hope that helps. |
|
 foneguy9
join:2003-01-03 Pasadena, CA
| Ohhhh... Very Good... Things are getting fun!! I do have a couple of PIII PCs laying around with 1 to 2 gig HDD, I'm not sure of their size. Memory is @ SDRAM 128. I have several PCI NIC cards not in use as well. Should work with your recommendation. However, does the following feature from the »www.pfsense.com/index.php?id=26 mean Multiple WAN ports are almost, but not yet, supported? The only other issue is if I can get out of setting up VPN tunnels, this could be an option.
You can't beat the price, however, I'm trying to get to the point of 'set it and forget it'. Could you tell me if this is your experience?
pfSense Features
pfSense changes that are in the works (subject to change daily):
- Incoming load balancing
- Multiple WAN support
- Multiple PPPOE WAN Support |
|
 brmasha
join:2000-05-16 Logan, UT | Re: Recommendations for VPN Router for Telecommute
I second your opinion on m0n0wall. I have been using it for IPsec endpoints and it works slick. MUCH simpler than using a SOHO router like the Linksys WRV54G. It also allows PPTP connections which makes it nice to connect from a Windows box. |
|
  Dunga Bee Put A Little Butter On It
join:2004-07-26 Pittsburgh, PA
| reply to foneguy9 Re: Recommendations for VPN Router for Telecommuter?
I do not believe multiple WAN support is enabled in pfSense yet.
You can certainly set up the VPN tunnels with pfSense or m0n0wall.
From reading your original post, I believe you need these units on the client end of the connection. You could either go with the spare PC idea or get a Wrap box with 2 NICs (1 for WAN and 1 for LAN) for around $100 or so.
pfSense is still an Alpha product, although the beta release is just around the corner. I'd recommend stopping by the IRC channel to ask any specific questions of the developers. They are typically around during the day (Eastern Standard Time) and also the evenings. They are quite active and friendly and would welcome suggestions for improvements as well.
m0n0wall has a very stable older release and the beta is also fairly stable as well, if you want to go that route. IMHO the traffic shaping capabilities in pfSense are superior, which was a driving reason for me to switch from m0n0 to pfSense, but they are both solid products.
Hope that helps. If you need more info, just ask. |
|