[Novalug] Linux alternative to ISA server

Nick Danger nick@hackermonkey.com
Tue Oct 30 22:36:11 EDT 2007


Anthony Soucek wrote:
> From what I've seen, Astaro is Tres Cher! (tooo expensive)
>   

Depends on your budget. I think it compares to many of the commercial 
products out there in terms of features and quality. I almost purchased 
one for here (almost meaning it was shot down after I made a proposal). 
And I'm willing to bet my time to install Astaro in place of our current 
PIX would have been almost nil, whereas a complete from free code 
solution would have been a large investment of time ;-) So I guess I 
should say depends on your resources, time or money.

Nick

> On 10/30/07, Anthony Soucek <monkeywrenchit@gmail.com> wrote:
>   
>> I'm a Linux dufus, but even I could install IPCop, which has a web GUI
>> and allows SSL VPN connections... It is small scale, free, and designed
>> to run on leftover junk hardware.
>>
>> My employer uses a Watchguard VPN x700 box, that is a Linux appliance,
>> but I have found their tech support a little frustrating to work with.
>> We have a dozen mobile users and 5 point to point tunnels. It's been
>> pretty stable.
>>
>> These devices don't ensure compliance and do quarantining like ISA
>> can. I think you can use AD authentication with the mobile user VPN
>> software clients, but you can't dump someone in a separate VLAN until
>> they apply patches, which I am told ISA can do.
>>
>> Anthony
>>
>> On 10/29/07, Miguel Gonzalez Castaños <miguel_3_gonzalez@yahoo.es> wrote:
>>     
>>> Hi all,
>>>
>>>    In our corporate network we have an ISA server running as our
>>> corporate firewall and VPN server for about 50 employees onsite and 7
>>> offsite permanently, although around 40-60% of people make extensive use
>>> of VPN while they are in meetings or in off hours.
>>>
>>>    The current server is an HP Proliant DL 320 G3 with about 18 Gb of
>>> SCSI drive and 1.7 Gb of RAM and a Pentium III.
>>>
>>>    The overall impression is that our VPN is slow and the idea was to
>>> replace the server with a bigger one. But I'm really concerned that is
>>> not a very fault tolerant way, since we only have one VPN/Firewall server.
>>>
>>>    I've researched a little bit and I found this:
>>>
>>>    http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
>>>
>>>    So apparently we could have a similar VPN setup and let people not
>>> worry about changes of VPN clients (we use the default VPN clients). My
>>> concern is that we wanted also Active Directory integration and I think
>>> it'd be nice and load balancing options, so we could keep both machines
>>> and still be able to work if any of the two machines go down.
>>>
>>>    The important thing here would be to be able to manage the
>>> redirection rules easily (maybe a web manager?) and integrate the users
>>> in the AD structure so we won't have to be creating local users in our
>>> firewall.
>>>
>>>    I know this is still too vague, but I'd need some rough ideas and
>>> someone pointing in the right direction.
>>>
>>>    Miguel
>>>
>>>
>>> _______________________________________________
>>> Novalug mailing list
>>> Novalug@calypso.tux.org
>>> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>>>
>>>       
>> --
>> Anthony Soucek
>>
>>     