Ask the Expert

What is a good low end cost VPN router?

I am a consultant and have a customer that needs to have a remote location VPN. I need a router for the remote location to create a VPN connection so that all devices on the remote site are considered on the network. What is a good low cost VPN router? The host site currently just has a DSL connection with a static IP and a Linksys router.

    Requires Free Membership to View

I assume that your remote PCs are using the server site's Linksys router (or the Server itself) as a VPN gateway. I'll guess that you are probably using PPTP as your VPN protocol.

You want to replace the remote VPN clients on each PC with a VPN gateway for the entire remote office. For example:

RemotePC1-----+---(Internet)------------Linksys-----Server
              |
RemotePC2-----+
would become
RemotePC1-----+---Router---(Internet)---Linksys-----Server
              |
RemotePC2-----+

There are two ways to accomplish this. You can look for a router that behaves as though it were a VPN client. Or you can create a site-to-site VPN tunnel between the router and the Linksys or Server.

The first method has the advantage of requiring no change to your Server site. Your VPN gateway, whether it's your Linksys or Server, will continue to authenticate the new remote router as though it were just another VPN client. In fact, some PCs can continue to connect as they do now while others connect through the remote router. However, your equipment choices are going to be somewhat limited, because there are not that many routers designed to behave as "hardware VPN clients." For an entry-level example, see the SnapGear SG300.

The second method is more common for securing traffic from a remote office to a central site. It requires compatible VPN gateways at both ends. Depending on the products and protocols you are using today, you may be find a VPN/router that will be directly compatible. This is more likely if you are using IPSEC than if you are using PPTP, since many PPTP products operate in client/server rather than site-to-site mode. One entry-level IPSEC router for site-to-site tunneling is the SonicWALL TELE3. Note that if you're using a Windows 2000/XP/2003 Server as a VPN gateway today, you can just add new security policies for an IPSEC site-to-site tunnel. IPSEC is already part of those operating systems, although many companies prefer using a separate VPN gateway to avoid putting VPN load on the server itself.

If you're looking to reduce VPN costs, you might also want to calculate your VPN capacity to see if you can possibly downgrade your VPN link capacity. This tip explains how to calculate the cost of VPN links, for more information.

 

This was first published in June 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: