Networking hardware suggestions...

I am working with a guy that needs some new networking gear. He has three
sites:
1. Main office, 10 computers, server, etc.
2. Remote office1, 6 computers, uses VPN to access server in main office
3. Remote office2, 2 computers, uses VPN to access server in main office

Right now, all of the sites have cable or DSL modems and basic linksys
routers and hubs. None of the office people are computer savvy, and they are
having some networking problems that cause them to have to reboot the
routers.

I'd like to put all new gear in, here are a my requirements in order of
importance:

1. Rock solid reliability...no reboots required.
2. SNMP support, so I can tell if it has a problem.
3. VPN client and server in hardware so I can connect all of the sites
without having to use PC VPN software.
4. POP3 email virus filtering, etc.
5. 1 or 2 - 1 Gigabit Ethernet ports.

What else should I be looking for?

Any suggestions on hardware to meet these requirements? I'd like to keep
the whole thing in the $2,000 range. What are my options in the $2,000 range
that is close to my requirements and how much will I have to pay if I want a
device that does it all?

Tod

www.snapgear.com

SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg. in
Florida. Check out their family of products. SnapGears will allow you to
perform intrusion detection, provide for gateway-to-gateway vpn and is a
stateful firewall. Depending on the model, the price is around $700.00 per
unit. There are a host of other features so I would give them a look.

"Tod DeBie" <tod_debie@hotmail.com> wrote in message
news:ue_Sb.1509$ow4.394@twister.socal.rr.com...
> I am working with a guy that needs some new networking gear. He has three
> sites:
> 1. Main office, 10 computers, server, etc.
> 2. Remote office1, 6 computers, uses VPN to access server in main office
> 3. Remote office2, 2 computers, uses VPN to access server in main office
>
> Right now, all of the sites have cable or DSL modems and basic linksys
> routers and hubs. None of the office people are computer savvy, and they
are
> having some networking problems that cause them to have to reboot the
> routers.
>
> I'd like to put all new gear in, here are a my requirements in order of
> importance:
>
> 1. Rock solid reliability...no reboots required.
> 2. SNMP support, so I can tell if it has a problem.
> 3. VPN client and server in hardware so I can connect all of the sites
> without having to use PC VPN software.
> 4. POP3 email virus filtering, etc.
> 5. 1 or 2 - 1 Gigabit Ethernet ports.
>
> What else should I be looking for?
>
> Any suggestions on hardware to meet these requirements? I'd like to keep
> the whole thing in the $2,000 range. What are my options in the $2,000
range
> that is close to my requirements and how much will I have to pay if I want
a
> device that does it all?
>
> Tod
>
>

In article <ue_Sb.1509$ow4.394@twister.socal.rr.com>,
Tod DeBie <tod_debie@hotmail.com> wrote:
:I am working with a guy that needs some new networking gear.

:I'd like to put all new gear in, here are a my requirements in order of
:importance:

:1. Rock solid reliability...no reboots required.
:2. SNMP support, so I can tell if it has a problem.
:3. VPN client and server in hardware so I can connect all of the sites
:without having to use PC VPN software.
:4. POP3 email virus filtering, etc.
:5. 1 or 2 - 1 Gigabit Ethernet ports.

:Any suggestions on hardware to meet these requirements? I'd like to keep
:the whole thing in the $2,000 range.

Cisco does not have any equipment that does email virus filtering.
Also, as I recall, Cisco does not have any equipment in the $666 price
range ($2000 / 3 offices) that has any gigabit ports at all
[unless perhaps in their Linksys subsiduary.]

For the first three points, the closest Cisco match would be
a 827, 837, or SOHO 97. The 827 is an older model no longer being
improved; the 837 and SOHO 97 are current models.

The PIX 501 would handle points 1 and 3, but it's SNMP support
is not very extensive -- for example, you cannot get per-tunnel
statistics via SNMP on any PIX, and you can't get a list of
current connections. I don't know how extensive the SNMP
support is on the 837 or SOHO 97.
--
IEA408I: GETMAIN cannot provide buffer for WATLIB.

I looked at the Snapgear site. I am a real newbie on VPN.
If they only wanted VPN access to the main office, would one Snapgear Lite,
installed at the main office be adequate as a VPN server? Could they use
VPN client software that comes with windows at the other locations? The
Snapgear lite is only $299.


"TGW" <tmwhitm@charter.net> wrote in message
news:101oua5842mrc81@corp.supernews.com...
> www.snapgear.com
>
> SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg.
in
> Florida. Check out their family of products. SnapGears will allow you to
> perform intrusion detection, provide for gateway-to-gateway vpn and is a
> stateful firewall. Depending on the model, the price is around $700.00
per
> unit. There are a host of other features so I would give them a look.
>
> "Tod DeBie" <tod_debie@hotmail.com> wrote in message
> news:ue_Sb.1509$ow4.394@twister.socal.rr.com...
> > I am working with a guy that needs some new networking gear. He has
three
> > sites:
> > 1. Main office, 10 computers, server, etc.
> > 2. Remote office1, 6 computers, uses VPN to access server in main office
> > 3. Remote office2, 2 computers, uses VPN to access server in main office
> >
> > Right now, all of the sites have cable or DSL modems and basic linksys
> > routers and hubs. None of the office people are computer savvy, and they
> are
> > having some networking problems that cause them to have to reboot the
> > routers.
> >
> > I'd like to put all new gear in, here are a my requirements in order of
> > importance:
> >
> > 1. Rock solid reliability...no reboots required.
> > 2. SNMP support, so I can tell if it has a problem.
> > 3. VPN client and server in hardware so I can connect all of the sites
> > without having to use PC VPN software.
> > 4. POP3 email virus filtering, etc.
> > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> >
> > What else should I be looking for?
> >
> > Any suggestions on hardware to meet these requirements? I'd like to
keep
> > the whole thing in the $2,000 range. What are my options in the $2,000
> range
> > that is close to my requirements and how much will I have to pay if I
want
> a
> > device that does it all?
> >
> > Tod
> >
> >
>
>

You need to determine first what your goal is in terms of access to each
site. Do you need for someone to be able to work remotely from home to the
office and have it be as if they were sitting in the office? Or do you need
to connect the three sites so they would look like one large network, i.e.,
an extranet? The first scenario is a client-to-gateway vpn. The second is
a gateway-to-gateway vpn. In either case, the vpn tunnels can terminate at
the firewall at which time you can apply your filtering rules. From what
you have written below, it sounds as if the second scenario is what you are
trying. If you are that unfamiliar with VPN, I would suggest some quick
reading to become a bit more familiar. I like the O'Reilly books. They are
usually straight forward. O'Reilly has a VPN book, ISBN 1-56592-529-7.

Good Luck,


"Alan White" <alanwhite99@hotmail.com> wrote in message
news:p59Tb.80$ZN1.29815@news20.bellglobal.com...
> I looked at the Snapgear site. I am a real newbie on VPN.
> If they only wanted VPN access to the main office, would one Snapgear
Lite,
> installed at the main office be adequate as a VPN server? Could they use
> VPN client software that comes with windows at the other locations? The
> Snapgear lite is only $299.
>
>
> "TGW" <tmwhitm@charter.net> wrote in message
> news:101oua5842mrc81@corp.supernews.com...
> > www.snapgear.com
> >
> > SnapGear is owned by Cyberguard Corporation, an Enterprise firewall mfg.
> in
> > Florida. Check out their family of products. SnapGears will allow you
to
> > perform intrusion detection, provide for gateway-to-gateway vpn and is a
> > stateful firewall. Depending on the model, the price is around $700.00
> per
> > unit. There are a host of other features so I would give them a look.
> >
> > "Tod DeBie" <tod_debie@hotmail.com> wrote in message
> > news:ue_Sb.1509$ow4.394@twister.socal.rr.com...
> > > I am working with a guy that needs some new networking gear. He has
> three
> > > sites:
> > > 1. Main office, 10 computers, server, etc.
> > > 2. Remote office1, 6 computers, uses VPN to access server in main
office
> > > 3. Remote office2, 2 computers, uses VPN to access server in main
office
> > >
> > > Right now, all of the sites have cable or DSL modems and basic linksys
> > > routers and hubs. None of the office people are computer savvy, and
they
> > are
> > > having some networking problems that cause them to have to reboot the
> > > routers.
> > >
> > > I'd like to put all new gear in, here are a my requirements in order
of
> > > importance:
> > >
> > > 1. Rock solid reliability...no reboots required.
> > > 2. SNMP support, so I can tell if it has a problem.
> > > 3. VPN client and server in hardware so I can connect all of the sites
> > > without having to use PC VPN software.
> > > 4. POP3 email virus filtering, etc.
> > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > >
> > > What else should I be looking for?
> > >
> > > Any suggestions on hardware to meet these requirements? I'd like to
> keep
> > > the whole thing in the $2,000 range. What are my options in the $2,000
> > range
> > > that is close to my requirements and how much will I have to pay if I
> want
> > a
> > > device that does it all?
> > >
> > > Tod
> > >
> > >
> >
> >
>
>

Thanks for the tip. Now a trip to the book store, buy a Starbuck coffee and
start to look at O'Reilly
Need to get a better understanding of some of the principals involved. I
always assumed a big hardware cost for VPN host or server end.


"TGW" <tmwhitm@yahoo.com> wrote in message
news:101qcelpsc7160c@corp.supernews.com...
> You need to determine first what your goal is in terms of access to each
> site. Do you need for someone to be able to work remotely from home to
the
> office and have it be as if they were sitting in the office? Or do you
need
> to connect the three sites so they would look like one large network,
i.e.,
> an extranet? The first scenario is a client-to-gateway vpn. The second
is
> a gateway-to-gateway vpn. In either case, the vpn tunnels can terminate
at
> the firewall at which time you can apply your filtering rules. From what
> you have written below, it sounds as if the second scenario is what you
are
> trying. If you are that unfamiliar with VPN, I would suggest some quick
> reading to become a bit more familiar. I like the O'Reilly books. They
are
> usually straight forward. O'Reilly has a VPN book, ISBN 1-56592-529-7.
>
> Good Luck,
>
>
> "Alan White" <alanwhite99@hotmail.com> wrote in message
> news:p59Tb.80$ZN1.29815@news20.bellglobal.com...
> > I looked at the Snapgear site. I am a real newbie on VPN.
> > If they only wanted VPN access to the main office, would one Snapgear
> Lite,
> > installed at the main office be adequate as a VPN server? Could they
use
> > VPN client software that comes with windows at the other locations?
The
> > Snapgear lite is only $299.
> >
> >
> > "TGW" <tmwhitm@charter.net> wrote in message
> > news:101oua5842mrc81@corp.supernews.com...
> > > www.snapgear.com
> > >
> > > SnapGear is owned by Cyberguard Corporation, an Enterprise firewall
mfg.
> > in
> > > Florida. Check out their family of products. SnapGears will allow
you
> to
> > > perform intrusion detection, provide for gateway-to-gateway vpn and is
a
> > > stateful firewall. Depending on the model, the price is around
$700.00
> > per
> > > unit. There are a host of other features so I would give them a look.
> > >
> > > "Tod DeBie" <tod_debie@hotmail.com> wrote in message
> > > news:ue_Sb.1509$ow4.394@twister.socal.rr.com...
> > > > I am working with a guy that needs some new networking gear. He has
> > three
> > > > sites:
> > > > 1. Main office, 10 computers, server, etc.
> > > > 2. Remote office1, 6 computers, uses VPN to access server in main
> office
> > > > 3. Remote office2, 2 computers, uses VPN to access server in main
> office
> > > >
> > > > Right now, all of the sites have cable or DSL modems and basic
linksys
> > > > routers and hubs. None of the office people are computer savvy, and
> they
> > > are
> > > > having some networking problems that cause them to have to reboot
the
> > > > routers.
> > > >
> > > > I'd like to put all new gear in, here are a my requirements in order
> of
> > > > importance:
> > > >
> > > > 1. Rock solid reliability...no reboots required.
> > > > 2. SNMP support, so I can tell if it has a problem.
> > > > 3. VPN client and server in hardware so I can connect all of the
sites
> > > > without having to use PC VPN software.
> > > > 4. POP3 email virus filtering, etc.
> > > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > > >
> > > > What else should I be looking for?
> > > >
> > > > Any suggestions on hardware to meet these requirements? I'd like to
> > keep
> > > > the whole thing in the $2,000 range. What are my options in the
$2,000
> > > range
> > > > that is close to my requirements and how much will I have to pay if
I
> > want
> > > a
> > > > device that does it all?
> > > >
> > > > Tod
> > > >
> > > >
> > >
> > >
> >
> >
>
>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Need to get a better understanding of some of the principals
> involved. I always assumed a big hardware cost for VPN host or
> server end.

no, there are some really cheap (or free if you already have some of
the hardware and software) solutions out there. heck, windows OSs
have been able to act as VPN clients since win98 (maybe even win95C
or something), and NT,2K,XP,2K3 can all act as a VPN server. Linux is
also capable of all this.

there are two dominant protocols to look at: PPTP (i believe this is
a Mocro$oft creation) and L2TP which depends on IPSec. PPTP is really
simple to set up, L2TP is typically more complicated, requiring
certificates and such. there are some other less used protocols as
well.

oliver

>
>
> "TGW" <tmwhitm@yahoo.com> wrote in message
> news:101qcelpsc7160c@corp.supernews.com...
> > You need to determine first what your goal is in terms of access
> > to each site. Do you need for someone to be able to work
> > remotely from home to
> the
> > office and have it be as if they were sitting in the office? Or
> > do you
> need
> > to connect the three sites so they would look like one large
> > network,
> i.e.,
> > an extranet? The first scenario is a client-to-gateway vpn. The
> > second
> is
> > a gateway-to-gateway vpn. In either case, the vpn tunnels can
> > terminate
> at
> > the firewall at which time you can apply your filtering rules.
> > From what you have written below, it sounds as if the second
> > scenario is what you
> are
> > trying. If you are that unfamiliar with VPN, I would suggest
> > some quick reading to become a bit more familiar. I like the
> > O'Reilly books. They
> are
> > usually straight forward. O'Reilly has a VPN book, ISBN
> > 1-56592-529-7.
> >
> > Good Luck,
> >
> >
> > "Alan White" <alanwhite99@hotmail.com> wrote in message
> > news:p59Tb.80$ZN1.29815@news20.bellglobal.com...
> > > I looked at the Snapgear site. I am a real newbie on VPN. If
> > > they only wanted VPN access to the main office, would one
> > > Snapgear
> > Lite,
> > > installed at the main office be adequate as a VPN server?
> > > Could they
> use
> > > VPN client software that comes with windows at the other
> > > locations?
> The
> > > Snapgear lite is only $299.
> > >
> > >
> > > "TGW" <tmwhitm@charter.net> wrote in message
> > > news:101oua5842mrc81@corp.supernews.com...
> > > > www.snapgear.com
> > > >
> > > > SnapGear is owned by Cyberguard Corporation, an Enterprise
> > > > firewall
> mfg.
> > > in
> > > > Florida. Check out their family of products. SnapGears will
> > > > allow
> you
> > to
> > > > perform intrusion detection, provide for gateway-to-gateway
> > > > vpn and is
> a
> > > > stateful firewall. Depending on the model, the price is
> > > > around
> $700.00
> > > per
> > > > unit. There are a host of other features so I would give
> > > > them a look.
> > > >
> > > > "Tod DeBie" <tod_debie@hotmail.com> wrote in message
> > > > news:ue_Sb.1509$ow4.394@twister.socal.rr.com...
> > > > > I am working with a guy that needs some new networking
> > > > > gear. He has
> > > three
> > > > > sites:
> > > > > 1. Main office, 10 computers, server, etc.
> > > > > 2. Remote office1, 6 computers, uses VPN to access server
> > > > > in main
> > office
> > > > > 3. Remote office2, 2 computers, uses VPN to access server
> > > > > in main
> > office
> > > > >
> > > > > Right now, all of the sites have cable or DSL modems and
> > > > > basic
> linksys
> > > > > routers and hubs. None of the office people are computer
> > > > > savvy, and
> > they
> > > > are
> > > > > having some networking problems that cause them to have to
> > > > > reboot
> the
> > > > > routers.
> > > > >
> > > > > I'd like to put all new gear in, here are a my requirements
> > > > > in order
> > of
> > > > > importance:
> > > > >
> > > > > 1. Rock solid reliability...no reboots required.
> > > > > 2. SNMP support, so I can tell if it has a problem.
> > > > > 3. VPN client and server in hardware so I can connect all
> > > > > of the
> sites
> > > > > without having to use PC VPN software.
> > > > > 4. POP3 email virus filtering, etc.
> > > > > 5. 1 or 2 - 1 Gigabit Ethernet ports.
> > > > >
> > > > > What else should I be looking for?
> > > > >
> > > > > Any suggestions on hardware to meet these requirements?
> > > > > I'd like to
> > > keep
> > > > > the whole thing in the $2,000 range. What are my options in
> > > > > the
> $2,000
> > > > range
> > > > > that is close to my requirements and how much will I have
> > > > > to pay if
> I
> > > want
> > > > a
> > > > > device that does it all?
> > > > >
> > > > > Tod
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQB4o97coUT0UavXJEQK/wwCeIQfs097xQDEF1hA1y36v0+QUBV4AoIJ/
hyI5ZUoi02F4loOx09MbSD+U
=2Trv
-----END PGP SIGNATURE-----

In article <1OpTb.2151$ZN1.126061@news20.bellglobal.com>,
Oliver O'Boyle <o.oboyle@celerica.ca> wrote:
:there are two dominant protocols to look at: PPTP (i believe this is
:a Mocro$oft creation) and L2TP which depends on IPSec. PPTP is really
:simple to set up, L2TP is typically more complicated, requiring
:certificates and such. there are some other less used protocols as
:well.

IPsec never requires certificates: you can use pre-shared keys.
Certificates certainly help increase scalability! but if you
only have a few sites or the sites only ever talk to one other site
(instead of having to talk to each other too) then pre-shared
can be sustainable too.
--
Before responding, take into account the possibility that the Universe
was created just an instant ago, and that you have not actually read
anything, but were instead created intact with a memory of having read it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=> IPsec never requires certificates: you can use pre-shared keys.
> Certificates certainly help increase scalability! but if you
> only have a few sites or the sites only ever talk to one other site
> (instead of having to talk to each other too) then pre-shared
> can be sustainable too.

true. i forgot about that option. thanks.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQB6pIbcoUT0UavXJEQLDLQCfS81R7/PbglplCTZhdOrrXECvG5oAn3HV
AGuJAz3lzEKvsgcPS3lPou8p
=NydZ
-----END PGP SIGNATURE-----

In article <bvhuog$981$1@canopus.cc.umanitoba.ca>,
Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>In article <ue_Sb.1509$ow4.394@twister.socal.rr.com>,
>Tod DeBie <tod_debie@hotmail.com> wrote:
>:I am working with a guy that needs some new networking gear.
>
>:I'd like to put all new gear in, here are a my requirements in order of
>:importance:
>
>:1. Rock solid reliability...no reboots required.
>:2. SNMP support, so I can tell if it has a problem.
>:3. VPN client and server in hardware so I can connect all of the sites
>:without having to use PC VPN software.
>:4. POP3 email virus filtering, etc.
>:5. 1 or 2 - 1 Gigabit Ethernet ports.
>

Split the GB requirement out from the VPN/router requirement.

Use a 10/100/1000 switch for the desktops and servers in each branch
it but for the uplink to the DSL anything more than 10MB is
unnecessary. Use managed switchs to give you a point to monitor
the LAN activity at each branch.

You'll use VPN software on your PC if you're working from outside your
office. w2k and later have it built-in, but there are add-on
packages, also. Use a laptop configured with VPN and some management
tools and you'll be able to manage your whole network from a Starbucks
(make sure you pay attention to WiFi security when not using the
VPN.)

Depending in the type of DSL you have at each office the uplink speed
can be a real bottleneck. Cheap sDSL (128kb uplink/15mmb downlink)
can be misleading becasue when you are browsing the internet it looks
so darn fast.

Netmeeting is neat for handholding users, enable it on all the
desktops and you'll be able to watch what the user is doing instead of
having them explain it over the phone, then take over the keyboard and
mouse and fix the problem.


>:Any suggestions on hardware to meet these requirements? I'd like to keep
>:the whole thing in the $2,000 range.
>
>Cisco does not have any equipment that does email virus filtering.
>Also, as I recall, Cisco does not have any equipment in the $666 price
>range ($2000 / 3 offices) that has any gigabit ports at all
>[unless perhaps in their Linksys subsiduary.]
>
>For the first three points, the closest Cisco match would be
>a 827, 837, or SOHO 97. The 827 is an older model no longer being
>improved; the 837 and SOHO 97 are current models.
>
>The PIX 501 would handle points 1 and 3, but it's SNMP support
>is not very extensive -- for example, you cannot get per-tunnel
>statistics via SNMP on any PIX, and you can't get a list of
>current connections. I don't know how extensive the SNMP
>support is on the 837 or SOHO 97.
>--
> IEA408I: GETMAIN cannot provide buffer for WATLIB.


--
Al Dykes
-----------
adykes@panix.com