From: David Carl on
Well the RV042 has an IPSec limit of 50 and a PPTP limit of 5. So this might
just remove the RV042 as an option altogether. So what's the solution for
someone who has no hardware, but is planning on moving forward on April 1
with a SBS2008?

"Joe" wrote:

> Cliff Galiher - MVP wrote:
>
> > VPN you use. PPTP VPNs can
> > have an endpoint behind a NAT router as long as the router knows how to
> > handle GRE packets. In this case, any restrictions on VPN tunnels that
> > the router has *usually* (but not always) applies to how many tunnels it
> > is the end-point for. Since SBS is the end-point in this configuration,
> > the VPN limits would not apply.
> >
>
> I'd go a bit further and say that there must be a router limit on PPTP
> passthrough, because in addition to forwarding the two protocols
> involved, it must associate them. The router must know that it has to
> accept unsolicited protocol 47 packets from an external IP address which
> currently maintains a TCP/1723 session. It needs to maintain a lookup
> table containing these entries, and there will be a limit to the number
> of table entries. There are a number of protocols which need such lookup
> tables, FTP being another.
>
> That does not mean there is necessarily a low limit on VPN tunnels, as
> with some loss of speed, these entries can be shared in the NAT table,
> which will have quite a large maximum size. But if the router
> specification explicitly states a limit on PPTP passthrough connections,
> you should believe it, as the implementation will have optimised the
> table structures for speed, and there will be a fixed number of entries
> in each of a number of different small tables.
>
> --
> Joe
>
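The router-side association Joe describes (a TCP/1723 control session from an external address must exist before unsolicited GRE from that address is forwarded, and the table holding those associations has a fixed size) as an added toy model, not code from this thread or from any vendor's firmware; the SBS LAN address and the table capacity of 5 are assumptions for the demo.

```python
from typing import Dict, List, Optional

TCP_PPTP_PORT = 1723   # PPTP control channel (TCP)
IP_PROTO_GRE = 47      # PPTP data channel (GRE): no ports to match on

SBS_LAN_IP = "192.168.1.10"   # assumed: the LAN host the router forwards 1723 to


class PptpPassthroughTable:
    """Illustrative model of a NAT router's PPTP passthrough table.
    An inbound TCP/1723 session from an external IP creates an entry; GRE from
    that IP is forwarded only while the entry exists. The fixed capacity is
    the router's advertised passthrough limit (5 for the RV042 per the thread)."""

    def __init__(self, capacity: int, pptp_host: str = SBS_LAN_IP) -> None:
        self.capacity = capacity
        self.pptp_host = pptp_host
        self.sessions: Dict[str, str] = {}  # external IP -> LAN host

    def inbound(self, src_ip: str, proto: str, dst_port: Optional[int] = None) -> Optional[str]:
        """Return the LAN host the packet is forwarded to, or None if dropped."""
        if proto == "tcp" and dst_port == TCP_PPTP_PORT:
            if src_ip in self.sessions:
                return self.sessions[src_ip]
            if len(self.sessions) >= self.capacity:
                return None   # table full: the next remote worker is refused here
            self.sessions[src_ip] = self.pptp_host
            return self.pptp_host
        if proto == "gre":
            # GRE is accepted only from a source holding a control session
            return self.sessions.get(src_ip)
        return None  # other traffic: ordinary NAT/port-forward rules, not modelled

    def close(self, src_ip: str) -> None:
        """Control session ended (FIN/RST or idle timeout): free the entry."""
        self.sessions.pop(src_ip, None)


def simulate_remote_workers(n_workers: int, capacity: int) -> dict:
    """Dial in n remote workers through a router with the given capacity."""
    table = PptpPassthroughTable(capacity)
    connected: List[str] = []
    refused: List[str] = []
    for i in range(n_workers):
        ip = f"203.0.113.{i + 1}"   # constructed TEST-NET-3 addresses
        if table.inbound(ip, "tcp", TCP_PPTP_PORT) and table.inbound(ip, "gre"):
            connected.append(ip)
        else:
            refused.append(ip)
    stray = table.inbound("198.51.100.9", "gre")  # GRE with no control session
    return {"connected": connected, "refused": refused, "stray_gre_forwarded": stray}
```

With six home workers and a capacity of five, the sixth control connection is refused at the router even though SBS is the tunnel endpoint, and stray GRE from an address without a session is dropped.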
From: Leythos on
In article <765A8B7F-4754-4B91-A685-BE12C19C1D47(a)microsoft.com>,
DavidCarl(a)discussions.microsoft.com says...
>
> I have been using sbs2003 with 2-nic / ISA configuration. I am now upgrading
> to new server and sbs2008. I realize I need to get a router. We have 14
> workstations on the LAN and 6 more people work from home full time currently
> using XP VPN. Just about everyone uses OWA and/or RWW from time to time when
> not in the office. My question is this. I am looking at Cisco RV042,
> because I want 2 WAN ports to add a second DSL and balance remote users, but
> there are VPN tunnel limits. Am I going to just open ports on my router
> firewall and SBS takes care of the rest, or do I need to be concerned about
> the router's max tunnel limit? I asked these questions of the Cisco TS and
> they started pointing me to a series 1941 that sells for $1500, and I think
> that's a bit pricey for what I am trying to do. I know this is really not an
> SBS question, but would appreciate any guidance. Thank you.

Since you're no longer getting the protection of ISA, and most NAT
routers provide little real protection - you need to consider the cost
and benefit of a real firewall appliance.

If you don't consider a firewall, one that can inspect the actual
traffic, remove malicious content from websites, remove malware from SMTP,
provide IPSec/PPTP tunnel end-point services, and also do the NAT,
you're really doing yourself and your business/client a disservice.

I would suggest that you consider the WatchGuard X550e with UTM services
- it provides anti-spam, anti-virus for SMTP/HTTP, and intrusion
detection along with the ability to create different HTTP/HTTPS filter
rules per computer - so that you can give managers access to more things
on the web than common users.

If you think that $1500 initial cost and then $500 per year is high,
wait till you pay the cost of a compromised network just once.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)