vpn tunnels

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by bksales, Sep 22, 2006.

  1. bksales

    bksales LI Guru Member

    i am not sure if this is the proper forum to post this question so hopefully i will not get booted out of here for asking.

    i want to accomplish the following.

    1. connect two networks via vpn tunnel - this should be "simple" but reading about what works (and what does not) with some of the linksys routers i figured before i bought any more hardware i would ask some others about their experiences. the hardware we have now will not do it - the one network uses a wrt54 router which does not seem to work as an end point, the second network has a wrv200 router which says it supports a vpn end point. everyone i have talked to said my life will be easier if i use matched routers at each end so i have been looking at the rv42's and 82's as a possible solution and am looking for comment on the advisability of doing this. i would then use the existing routers simply as wireless access points. we will have at most 2 client computers on each end accessing the opposite network. network 1 is connected to the internet via dsl and network 2 is connected via cable (comcast). so if anyone has advice on either my choice of routers or alternative suggestions i would greatly appreciate it. the things i am worried about mostly are: a) does the vpn tunneling work? b) how good/bad is the performance (i.e do these devices have enough memory), c) are they stable and d) do you have to be a rocket scientist to configure the vpn tunnels?
    2. we have two "road warriors" that will need to be able to access both networks - i am hoping the the linksys quickvpn utility will allow us to make this a reality. both these laptops will connect to the internet via the sprint network when on the road. in fact i have already tested the quickvpn utility with the existing wvr200 and it seems to work. the connection works fine but seems slow and i don't know if it is because the wrv200 is the cause - it is quite cheap so i suspect it has very little memory. most of the access we do is against our crm system, there is very little file transfer when these guys are on the road so i would expect the access speeds to be similar to direct connect, but here again i am quite new to this vpn thing. again, any comment on the quickvpn or a suggestion about an alternative. i have read that you can create a vpn client using windows/xp and don't need any other client software - should i be investaging this more?

    any help would be greatly appreciated.
  2. d__l

    d__l Network Guru Member

    The RV seem to work well as tunnel end points. Also an SX41 or VP41 can be used to connect to an RV as well. There is some reduced security to the VPN tunnel during the initiation phase if the SX41 or VP41 is connecting with a dynamic IP though.

    You don't have to be a rocket scientist, but there is a very steep learning curve caused by numerous settings which have to match exactly on both ends of the tunnel or nothing happens. Once you get your first tunnel up, then it will seem easy.

    The performance through the tunnel is dictated by your slowest upload speed so you want to maximize all upload speeds as much as you can. The tunnel also adds some overhead to the throughput speeds which make things a even a little slower.
  3. bksales

    bksales LI Guru Member

    well my routers arrived. i installed them and they work like a champ. i must say that it was actually pretty easy to create the vpn tunnels. performance is pretty good (limited by the upload speed of comcast which is amazingly low). we use dsl on the other end which has twice the upload speed which again surprised me. thanks for the advice.
  4. d__l

    d__l Network Guru Member

    Many people recommend not using NetBIOS with the VPN if you possibly can as it will take up a little bit of your VPN throughput capacity. I've never seen an estimate of how much overhead it might add though.
  5. TazUk

    TazUk Network Guru Member

    Well Microsoft aren't known for their optimisations :wink1: although to be fair NetBIOS is an IBM concoction from the back in the days of PC Lan.
  6. d__l

    d__l Network Guru Member

    I would love to see someone test throughputs on an IPsec tunnel with and without NETBios and post some actual numbers.

    Actually this sort of testing is on my list of curious things to do when I find the time, but it's way, way down the list! :)
  7. G_Styles

    G_Styles Network Guru Member

    Although I have not tested with actual numbers, I have used VPN tunnels extensively with both setups. The netbios broadcasts are on a per node basis, so The more machines you have on each side the worse it gets. If you only have a small number of workstations on each side you should not notice a difference at all. Netbios only broadcsts a couple of packets every couple minutes. But if you have a large number of Workstations on either side, that broadcast traffic could impede your performance somewhat. Now if you have enough systems on either side, or both sides of your tunnel, say 10 or more, then I would advise putting in a WINS server. This will eliminate all netbios broadcast traffic along your VPN.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice