From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   anto_123@yahoo.com wrote:   
   > I need to allow remote users to access a central server.   
   > I currently have a seperate firewall and DSL router. And a windows 2000   
   > server.   
   >   
   > currently the set up looks like this   
   >   
   > internet---router---firewall---switch----PC/servers   
   >   
   > would a VPN firewall affect the router in any way or is the router   
   > insignificant in such a set up, also would to router or the firewall   
   > handle the Network Address Transalation(NAT)   
   >   
   > Could someone please give me some advice?   
   > Also what VPN firewall would you suggest for about 10 remote users   
   > cost not really a major issue   
   >   
   > thanks in advance   
   >   
      
   Generally most VPN hardware devices act as both a VPN access point and   
   your VPN router/firewall.  You can however leave your existing   
   connections in place a put a VPN server in parallel with the existing   
   equipment if there is a compelling reason to do so.   
      
   If the ADSL Router you listed is also your modem you may need to pay   
   attention to how it is setup.  If this is just a plain bridge modem then   
   you will have no problem.  If it is actually providing NAT based routing   
   then you may need to reconfigure it to turn off the NAT features.   
      
   For hardware I would consider a Nortel VPN Router 1010.  If you desire   
   something cheaper then a Netopia 3386-ENT makes a very inexpensive   
   solution for small networks though I would not want all 10 of your   
   remote users to be connected at the same time with this device.  There   
   are some other good hardware choices but I don't have personal   
   experience using them.  The Netopia gives lots of bang for the buck for   
   small networks but has fewer features than the Nortel VPN routers.  Both   
   devices can support PPTP for simple client setups or full IPSec for more   
   advanced needs.  The Nortel contivity can actually support advanced   
   things like digital certificate based authentication or authentication   
   against a remote LDAP server for integration with a company wide   
   directory service like a Novell or Microsoft Directory server.  It   
   wouldn't be a bad idea to hire a good networking security consultant to   
   set this up and manage it for you too.   
      
   Keep in mind that the higher end devices are a bit more expensive then   
   they seem initially because you usually have to purchase some form of   
   support contract in order to download software updates.  Most low end   
   devices include free software updates that are available on the public   
   portion of the manufacturers website.   
      
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)