I know this isn't a commercial firewall, but I've had great luck using IPCop
for emergency stuff like this.
It does VPN and PPTP. I've used a 1U rackmount box for this...
We've got SnapGear's older stuff here at work for VPN along with some Pix
stuff. The SnapGear is cheap and does VPN and PPTP. We only have the low
end SnapGear which isn't rack mount... but their larger stuff is.
The SnapGear we have is five years old and just used for small PPTP access
to the office.
They do have some larger stuff that rack mounts but ours is just this little
compact appliance with dual ethernets that sits on a rack shelf in the lab
with the rack-mounted Cisco stuff with it.
Bill
On 8/16/06, Bruce Lane <kyrrin at bluefeathertech.com> wrote:
Murphy's having some real fun with me this week...
It seems that the failure of the outside world to access Blue
Feather's FTP site was only the beginning. Within a couple of hours after I
started troubleshooting last night, I discovered that our entire domain,
including mail and web servers, had disappeared from the 'net.
The problem turned out to be (and I never saw this coming) -- our
firewall/router! It had, apparently, decided that it was simply going to
give up the ghost, and not give ANY indication in its (alleged)
self-diagnostics.
No amount of power-cycling has fixed it, so I am going to replace
it. Post-haste, I would add. The original unit was a Watchguard Firebox II
that I got as a freebie, but Watchguard's current products are way too
expensive for my tastes.
If anyone knows of a good, solid VPN router, in the $400-$500
(max) range, with at least the following features I would appreciate hearing
about it. I'm currently looking at Zyxel (the Zywall 5) and Multitech
(RouteFinder 830).
--Must support 1:1 NAT mapping.
--Must support at least IPSec VPN with 3DES or AES encryption, and
the VPN client must be low-cost or included.
--Preferably, should also support PPTP for when IPSec is blocked
at the originating end (I've seen it happen).
--Must be RACK-MOUNTED, as in it has rack ears or brackets. This
is NOT negotiable.
--The manufacturer must NOT, unlike Watchguard and Juniper
Networks, nickel-and-dime its users to death for extra features.
Thanks much, and I apologize for the hassles. I never saw this one
coming...
-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies --
http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with
surreal ports?"