Home Forums Discussions General Discussion IPsec VPN???

My local Clinical Information Exchange is asking to VPN to my server to interface the data to Amazing Charts. It appears it needs a hardware IPsec VPN device? Any suggestions? Do I need this?

SBS has VPN capability built in. It seems like a waste to get hardware VPN for just 1 session. However, if you must have hardware VPN, [u]this Cisco Small Business RV042 VPN Router [/u] should do the job. This will give you a hardware firewall, VPN, and replace your old router.

P.S.: There is an older version, the RVS4000, however, I won't recommend that as it's reached EOL which means no support. Also, there are several bad reviews.

Thanks Sandeep...Yes, I actually use the VPN on my SBS 2003, however this company wants a hardware vpn connection to exchange data

O well. Too bad they won't just use that. Cisco is pretty much the standard when it comes to VPN. The one I suggest above has IPSec VPN. Dual WAN is a nice plus.

Thinking about getting this soon as well, mainly for the Dual WAN. Use a T1 backbone for reliability/failover in conjunction with a regular broadband ISP for speed. (Time Warner has been so bad.)

Niko,

The reason they want a hardware VPN is because the VPN that comes with SBS is not IPSEC and it is treated as a dial-up connection. The hardware VPN is always on.

Sandeep,

Once again I see my experiences are completely different from someone on this forum. I am actually moving back to Time Warner Cable because AT&T has been horrible. I went to AT&T for the lower price, but they have so many problems. Never had any issues with TWC.

JamesNT

James,
Thanks for the info...Do you have any hardware recommendations?

And to you and Sandeep, I switched from Verizon to Time Warner and have been very satisfied in price and service.

@James (Unrelated to Post)
My Internet was down for 3 days once last year. Just this week it was down half of Wednesday down to Thursday afternoon. Must've been a blow switch or something because we have a new IP now. It was also terribly slow with pings in the thousands to nearby LA servers. Had to update the MX Records and DNS. It's back to normal now though.

Most IPs are pretty bad here. I have a hard time finding an ISP with decent reviews. I have Verizon in some places, Time Warner in others. Wish I could get FiOS. That seems promising. It's sort of a monopoly when it comes to Internet Service Providers.

I'm contemplating moving to a dedicated T-1 with some fast, cheap secondary service. But all of the neighboring offices are also complaining of unreliable/slow internet. So we might just get together and get a DS3/T3 line, maybe VoIP along with it as well. We get that nice SLA and good speed.

SBS can be configured with L2TP IPSec, but it's not something that's very easy to implement like the built-in SBS VPN. It involves adding the Network Policy and Access Services Role. But SBS already has a lot on its plate. So the hardware VPN is a good solution.

Sandeep,

Quite correct. I forgot about L2TP IPSEC. My apologies.

JameNT

Sandeep (response to unrelated post),

Wow. That sucks that you are having so much trouble finding decent Internet. I wish you the best of luck.

JamesNT

@James

Thank you.

It seems like it's going to be too much work to get 24 offices to get a DS3 connection. Probably going to get a T1 with a neighboring office as a fail-over.

Not the easiest to configure compared to a ready to go Cisco Hardware VPN. Not frequently used from what I've seen.

Hey Guys,

I was told the Network engineer interfacing with my local healthcare exchange, that the "Cisco RV042 4-port 10/100 VPN Router - Dual WAN" Router does NOT support a policy NAT.

They recommend a Cisco ASA 5505....but do I really need this expensive device or are they trying to sell it to me?

They're right about it not supporting Policy NAT. It supports One to One NAT which is no problem for you having one server, but they have multiple. That's a 1200+ (before tax) dollar VPN router. They need it for things to work properly on their end I'm guessing. But they're making you foot the bill.

@James
This is why I need a T1...


I might as well get dial up. That'll be faster. This is testing @ 11:30 PM too.

Ours is 1.35Mbps download and .64Mbps upload.

JamesNT

We pay for 5.0 Mb Down and 0.5 Mb Up, but it hardly ever runs near that. Service went out again this weekend.

I am surprised at how well RDP runs even at dial up speeds. LMI not doing so well.

The download speed is about 3.0 Mbps at least which is still slow.

Why are your connections so slow?
I get 6+meg down, and .75meg up with a home connection in Astoria, OR.
ATT 3G is 1-2 meg down, .3 - .5 up in little tiny Manzanita on the coast where I go for respite.

You live in Calif., mother lode of all things electronic!

I guess they don't like me ha. At home We actually 10 Mb down/ 1 Up at home, but then again this connection is hardly ever stressed since I moved out The cable company sort of works like this they buy 50 Megabits of bandwith from the backbone and sell it 50 people, advertising the speed as 25 megabits. In other words, it operates on the assumption that there will be people who use a lot and people who barely use it. The more people that join, the slower it gets.

A full T-1 on the other hand is a guaranteed 1.5 Mb symmetric connection. That bandwith is reserved for you. Around 70-80% of the cost for T-1 has more to do with the cost of the loop and service than the actual bandwith itself. T-1s come with a Service Level Agreement which says something along the lines, "We'll credit you if the connection goes down (even if it's 5 minutes)." Cable companies like TW or Verizon on the other hand can take days to fix things.

This is what I'm working with now ha. Best thing ever. I wish I could have this connection at home.