
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 1,930 of 2,348   
   Fred Marshall to mike-newsgroup@-DELETETHISPART-.upc   
   Re: Setting up site to site VPNs   
   27 Feb 06 10:51:57   
   
   From: fmarshallx@remove_the_x.acm.org   
      
   "Mike Drechsler - SPAM PROTECTED EMAIL"   
    wrote in message   
   news:l4HMf.72751$Id3.63042@fe04.news.easynews.com...   
   > Fred Marshall wrote:   
   >> In other words:   
   >>   
   >> Can one run two VPNs through a Linksys router?  Which one?  Any other   
   >> simple router model of any manufacture?   
   >>   
   >> Thanks,   
   >>   
   >> Fred   
   >>   
   > SNIP   
   >   
   > Yes   
   > RV series   
   > Too many to mention.   
   >   
   > Have you even bothered to look at the Linksys website? If it says VPN   
   > endpoint then you can bet the device is limited to 1 or 2 simultaneous VPN   
   > connections.  If it says VPN router then it's likely 50 simultaneous VPN   
   > connections.  I would never suggest using any of these routers if you have   
   > anywhere close to 50 simultaneous connections running.  But for connecting   
   > a handful of sites it should work.  Perhaps if you had 50 home office   
   > users that only access the VPN connection occasionally it might work but I   
   > imagine even doing key renegotiations for 50 unused tunnels might stress   
   > out a Linksys router.   
   >   
   > If you need to connect sites and you consider this link important then you   
   > should get a consultant who has experience in this area.  Your diagrams   
   > seem to indicate that you don't quite "get it".   
      
   Mike,   
      
   Thanks for the reply.  You're right, I don't quite get it.  So, I'm   
   learning.  And, oh yes, I've looked at the Linksys website quite a bit.  My   
   problem is mostly with the lingo which I'm picking up.  It's more difficult   
   because there seem to be so many VPN schemes.   
      
   I'm focusing on Linksys because I work with them often enough at the low   
   end, it's what's installed and it's what one of our local ISPs uses.  We've   
   discussed the RV series.   
      
   Maybe you could clear up a nagging question for me:   
      
   I see reference to "tunnel" and I see reference to "passthrough" and I see   
   reference to "end point".  I have a pretty good idea what an end point is.   
   But, I don't understand the difference between tunnel and passthrough.   
      
   My problem with what I find on the Linksys website is that it seems to talk   
   about the devices as VPN end points but not so much about passthrough.  For   
   example, I can find that there are some of their products that will support   
   only one VPN passthrough at a time but no mention, except by implication, of   
   products that will support more than one VPN passthrough at a time.  Oh yes,   
   they talk about more than one end point being implemented but not clearly   
   more than one passthrough.  So, it's not a dumb question.   
      
   One of my problems is that I don't maintain a "lab" where I can buy a bunch   
   of stuff and try it out.  I have to be conservative in selecting devices   
   because I want them to work when I put them in the network.  But, I may have   
   to just buy one or two of the RV devices for learning.   
      
   The architecture I had in mind when I wrote the original post was to   
   continue using a NAT device at the front end and to have VPN end points and   
   the LAN Internet firewall inside of that device.   
      
   Yes, one can ask "why?".  It's because there was a desire/need in the   
   original architecture to have a cascaded NAT firewall arrangement.  It's   
   what was implemented and I'd hoped to keep the configuration unless it's   
   more trouble than it's worth.  And, presumably it would limit the number of   
   static public IP addresses we'd need.   
      
   My hope is that the VPN operations would be transparent to the NAT device (or   
   vice versa) - but I have some doubts.  I guess an RV at the front end would   
   handle this configuration in a routing table - which isn't transparent but   
   would be just fine.   
      
   Fred   
      