Re: Jeff L. -- networking question -- slightly OT



Bob <vjdqlwlj02@xxxxxxxxxxxxxx> hath wroth:

> Jeff,

Don't do that. If the question is interesting and I have time, I'll
answer. Sticking my name in the subject is like saying you don't want
input from anyone else.

Slightly off topic? More like way far off topic.

> I want to connect 2 wired networks securely via the internet and am
> considering VPN routers. I realize "wired" is sl. OT, but believe you
> can help with this question. One network receives internet access via
> ADSL, while the other uses wireless broadband.

What are the speeds in both directions? Apparently the ADSL is
1500/768Kbit/sec. What's the wireless speed? The reason I ask is
that your performance is limited by the slowest speed.

> I would like to connect
> the 2 networks so that they will appear as one large network.

That's exactly what a VPN does.

> When connecting machines on the 2 networks, I would want the
> internet connection to be secure,

Most VPNs use either PPTP or IPSec encryption. IPSec is more secure,
but also more complex to set up.

> and I'd like to avoid additional
> software,

Microsloth likes to terminate their VPNs in their servers. Not
recommended.

> so I am thinking routers that have built-in VPN, (VPN
> end-points?)

Yep. Router to router makes the system transparent without screwing
around with anything on the LAN. However, there's a not so small
requirement. Your two networks MUST be on different Class C IP
blocks. If one end is running 192.168.1.xxx, then the other should be
on 192.168.2.xxx. (with a netmask of 255.255.255.0). Some routers
will work with identical network blocks but you must be very careful
not to duplicate IPs and you'll find some oddities.

> I need to completely restrict internet access on some of
> the machines, but continue to allow full local LAN connectivity (those
> machines would not necessarily need to connect to the other portion of
> the network (via VPN or otherwise)).

That's a different issue. Just make sure that the router has a MAC or
IP address filter and you block access. Where it gets sticky is
trying to block access to the other side of the VPN but allow internet
access for a given client computah. It's not possible because they
use the same gateway IP.

> I would need 8 or fewer LAN ports on each router, and would only need
> 2 or 3 simultaneous VPN connections between the 2 networks.

With a router to router VPN connection, there is only one connection.
However, you may want to have mobile clients on the internet connect
to the VPN from outside. That will require additional connections.
Most boxes will do 5 or 10. Check the specs.

> Your thoughts and opinions on proper hardware would be appreciated.
> I've found a number of routers that appear to be appropriate, but I
> have very limited personal knowledge of these particular routers and
> would like some pointers in the right direction.

That's easy. Sonicwall and Netscreen. Both are expensive as in $500
and up for each end. Worth the price, methinks. I've used much
cheaper Linksys BEFVP41 VPN routers and was not thrilled.

http://www.sonicwall.com/products/tz170.html
http://www.sonicwall.com/support/tz170_documentation.html

http://www.sonicwall.com/support/pdfs/technotes/using_vlans_with_sonicwalls.pdf

http://www.juniper.net/products/integrated/ns_5series.html
http://www.juniper.net/products/integrated/d***/110002.pdf

> Even though the
> internet connections top out at around 1.5 Mbps down/ 768Kbps up, I
> would like to find appropriate routers with the highest throughput.

Sorry. I don't have any benchmarks.

--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
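[Editor's added example, not part of Jeff's post or any vendor's software.]
The two planning points above, that the LAN blocks at each end must not
overlap and that a per-host filter at the router cuts off everything that
passes through the gateway (tunnel and Internet alike) while local LAN
traffic is unaffected, can be checked before buying hardware. The site
names, address blocks and host lists in this script are constructed for
illustration; the carrier-grade NAT (100.64.0.0/10) check is an addition
of mine, since a wireless broadband WAN address in that range cannot be
reached by the peer router.

```python
"""Planning checks for a router-to-router VPN between two private LANs.

Added example; site names, address blocks and host lists are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ip_network("100.64.0.0/10")  # RFC 6598: common on wireless broadband (assumption)


@dataclass(frozen=True)
class Site:
    name: str
    lan: IPv4Network            # private block the LAN is numbered from
    router_lan_ip: IPv4Address  # default gateway for hosts on that LAN
    wan_ip: IPv4Address         # address the peer router tunnels to
    hosts: frozenset            # LAN host addresses in use
    no_internet: frozenset      # hosts that must not leave the LAN via the router


def site(name, lan, router, wan, hosts=(), no_internet=()) -> Site:
    """Build a Site from plain strings."""
    return Site(name, ip_network(lan), ip_address(router), ip_address(wan),
                frozenset(map(ip_address, hosts)), frozenset(map(ip_address, no_internet)))


def check_sites(a: Site, b: Site) -> list:
    """Return the problems that would stop a router-to-router tunnel; [] means go."""
    problems = []
    for s in (a, b):
        if not any(s.lan.subnet_of(p) for p in RFC1918):
            problems.append(f"{s.name}: {s.lan} is not an RFC 1918 block")
        if s.router_lan_ip not in s.lan:
            problems.append(f"{s.name}: gateway {s.router_lan_ip} is outside {s.lan}")
        if any(s.wan_ip in p for p in RFC1918) or s.wan_ip in CGNAT:
            problems.append(f"{s.name}: WAN {s.wan_ip} is private/CGNAT; the peer cannot reach it")
        outside = sorted(h for h in s.hosts | s.no_internet if h not in s.lan)
        if outside:
            problems.append(f"{s.name}: hosts outside {s.lan}: {[str(h) for h in outside]}")
    # The requirement from the post: different blocks at each end.
    if a.lan.overlaps(b.lan):
        problems.append(f"{a.lan} and {b.lan} overlap; renumber one side")
        dupes = sorted(a.hosts & b.hosts)
        if dupes:  # the "don't duplicate IPs" oddity when blocks are identical
            problems.append(f"duplicate addresses on both LANs: {[str(h) for h in dupes]}")
    return problems


def classify(local: Site, remote: Site, src: str, dst: str) -> str:
    """What the local router does with a packet sent by a host on its LAN."""
    s, d = ip_address(src), ip_address(dst)
    if s not in local.lan:
        raise ValueError(f"{s} is not on the {local.name} LAN")
    if d in local.lan:
        return "lan"       # switched locally; the router's filter never sees it
    if s in local.no_internet:
        return "drop"      # source filter at the one gateway: blocks tunnel AND Internet
    if d in remote.lan:
        return "tunnel"    # routed over the VPN to the remote LAN
    return "internet"      # NATed out the WAN


if __name__ == "__main__":
    adsl = site("adsl", "192.168.1.0/24", "192.168.1.1", "203.0.113.10",
                hosts=("192.168.1.10", "192.168.1.20"), no_internet=("192.168.1.20",))
    wireless = site("wireless", "192.168.2.0/24", "192.168.2.1", "198.51.100.7",
                    hosts=("192.168.2.10",))
    print("good pair:", check_sites(adsl, wireless))
    clash = site("wireless-bad", "192.168.1.0/24", "192.168.1.1", "100.64.3.9",
                 hosts=("192.168.1.10",))
    for p in check_sites(adsl, clash):
        print("-", p)
    for dst in ("192.168.1.10", "192.168.2.10", "203.0.113.99"):
        print("192.168.1.20 ->", dst, ":", classify(adsl, wireless, "192.168.1.20", dst))
```

Run it as-is to see a clean pair, then a pair that fails on the overlapping
block, the duplicated host and the CGNAT WAN address. The `classify` calls
show the filtered host still reaching its own LAN while losing both the
tunnel and the Internet, which is the point made above about the shared
gateway.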