Re: Jeff L. -- networking question -- slightly OT



Bob <vjdqlwlj02@xxxxxxxxxxxxxx> hath wroth:

> Wireless is 1300/650 Kbit/sec.

It's going to run at the 650Kbit/sec speed. With layers of
encapsulation and encryption, even slower.

> Do you have any knowledge of the netgear VPN routers?

Yes. They have a line of VPN routers. I haven't done much with them.
The customers that pay me to set up their VPN pretzel want it to work
out of the box, the first time, and without any subsequent surprises.
One hiccup and the cost is far more than the cost of the routers. They
are perfectly willing to pay for the best to avoid problems.
Therefore, I avoid the cheapo routers. If you like to try Netgear, I
suggest you look at some of the VPN problems in the Netgear forums at:
http://forum1.netgear.com/support/viewforum.php?f=4
I did, and did not like the large number of post installation
problems.

> Are they in the same category as the Linksys?

Well, Netgear does have a rather solid looking metal box. Linksys is
plastic. Other than that, methinks they're about the same.

> However, the $500 pricetag at each end for
> the sonicwall would not be prohibitive in this particular application.

Do the math. Pretend you have a failure of some sort a few months
downstream. What would you charge to troubleshoot and fix it? What
will it cost the company in lost productivity? One of my former
customers carried computer downtime insurance because failures were so
costly.

> If I understand you correctly, this won't be a problem. On the
> machines that I need to block internet access, they need to be able to
> see and be seen on the "local" LAN, but they would not need to access
> or be accessed by the "remote" LAN. The unblocked machines would need
> local LAN access, internet access, and access to the remote LAN.
> Would MAC filtering allow this?

You missed the important issue. I can't block any machine from
getting to the remote LAN without also blocking its access to the
internet.

> Could a NAS device be configured to
> allow it to be accessed both locally and remotely?

The NAS boxes I've played with do not have an ACL (access control
list). They rely on the Windoze DC (domain controller) or AD (active
directory) to deal with access issues. They may have local passwords
for shares and directories but there's no means of filtering by IP
address. You could stuff a router (with NAT disabled) between the
NAS box and rest of the LAN, and control access using the router
configs.

Incidentally, I've been playing with Buffalo Linkstation NAS boxes.
Wonderful product. I've been furiously replacing SAMBA and Windoze
servers with NAS for customers that don't run applications on the
server.
| http://www.buffalotech.com/products/product-detail.php?productid=72&categoryid=16

> For that matter, if there is any appropriate software available, I
> could dedicate one of the old hangar queen computahs to routing
> duties, if a -600mhz P3 would be fast enough to not restrict
> throughput.

I use Freesco for a Linux based router. WAN-LAN thruput of my PII/450
with a pair of Pro100 cards is about 35Mbit/sec with a mess of filter
rules.
http://www.freesco.org

--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558