

Site to Site VPN with FVS336G Netgear ProSafe


In local area networking, you can extend a network by running a backbone cable between two LANs. If running a backbone cable is not possible, you can connect the two separate buildings (LANs) with wireless bridge devices.

What if you need to extend the network or connect two networks (sites) that are in different cities or different countries? One of the more economical solutions is to deploy a Site to Site VPN.

You can connect both sites with a WAN link; ask your ISP which services it can offer. This can be frame relay, leased line, ISDN and so on. These WAN services are generally much more expensive and are typically used by corporations that demand reliable site to site connections. Site to site VPN is a low cost inter-site connection over the public internet instead of leased lines.

A Virtual Private Network (VPN) is an economical technology for connecting a computer or a network to a remote site over a public network (the internet) in a secure way.

There are two types of VPN:

1. Network to Network or Site-to-site VPN

A site-to-site VPN can be described as a branch office network connecting to the corporate network via a VPN. Typically, branch offices connect to the corporate network over expensive T1 lines. Site to site VPN is a low-cost alternative to T1 lines. To provide enough bandwidth for VPN connections from the branch offices, the corporate network typically requires a leased line for its VPN gateway. Unfortunately, a VPN solution is relatively slow and unreliable compared to a leased line.

2. Host to Host

Home users (remote workers) can use their laptops to connect to their corporate network by means of secure VPN tunneling. Generally, tele-workers use a broadband internet connection from home to create a tunnel to the corporate network. This is more cost-effective than traditional remote access using modem pools, dedicated phone lines, and toll-free numbers.

VPN Architecture

Both site to site VPN and host to host VPNs are based on a client – server architecture:

The VPN client initiates a VPN connection with the VPN server. Typically, home users (tele-workers) use their broadband internet connection to contact the VPN server and connect to the corporate network or intranet.

On the VPN server side, the server authenticates the VPN client, negotiates which protocols and encryption to use, and then establishes the VPN connection. Once the VPN connection is established, the VPN client and the corporate network are transparently connected to each other as if they were connected locally.


Two VPN protocols are widely used today: the Point-to-Point Tunneling Protocol (PPTP), developed by Microsoft, and the Layer 2 Tunneling Protocol (L2TP), developed by Cisco. Both are essentially extensions of the industry-standard Point-to-Point Protocol (PPP).

Many types of VPN appliances are available on the market for site to site VPN connections, ranging from small business to medium or enterprise networks.

FVS336G Netgear ProSafe VPN series

The FVS336G is a dual-WAN Gigabit SSL VPN firewall that provides load balancing and failover protection to ensure maximum throughput and reliable connectivity to the Internet. You can use one WAN port for an ADSL connection and the other for a Cable broadband connection. Besides load balancing, this provides high availability of internet services. See also Cisco – router redundancy.

Site to Site VPN Connection Diagram

To implement a site to site VPN connection, the FVS336G provides IPSec VPN tunnels. The IPSec VPN wizard automates IPSec VPN configuration and makes it simple to connect to multiple sites. It also offers SSL tunneling to provide clientless remote access to your corporate data for individual users, anywhere and anytime. The following diagram shows a layout you can deploy for a site to site VPN. By using both WAN ports, you can connect one port to a DSL modem and the other to a Cable modem for load balancing and redundancy. If the Cable service fails, the DSL service still functions.

[Figure: site to site VPN connection diagram]

The connection to the ISP is detected automatically, and configuration is done via the user-friendly Web-based ProSafe Control Center. The router also supports DHCP (client and server) and PPPoE for easy deployment. With the included 4-port Gigabit LAN switch, you can connect directly to computers running Windows®, UNIX®, Macintosh®, and Linux® OS.

Advanced Security Features

Since a firewall is essential for filtering all types of inbound internet traffic, the FVS336G includes high-grade firewall features such as SPI (stateful packet inspection), URL keyword filtering, logging, reporting, and real-time alerts. To provide internet access, the router supports NAT, allowing up to 253 users to access your broadband connection at the same time, which suits small to medium business networks.

The FVS336G takes care of all your security needs, with support of up to 25 IPsec VPN tunnels and 10 SSL VPN tunnels simultaneously, hacker protection via SPI firewall, DoS attack protection, and multiple VPN pass-through. SYSLOG and email reporting enable thorough network monitoring.
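
A pre-flight check for the site-to-site plan described above, as an added example that is not from the original article or from Netgear: it confirms that no gateway exceeds the 25 IPsec tunnels quoted above and that the LAN subnets joined by the tunnels do not overlap, a requirement for routed site-to-site tunnels that the article does not mention. The site names and addresses are constructed sample data.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

MAX_IPSEC_TUNNELS = 25  # per-gateway IPsec tunnel limit quoted in the article

# Constructed sample plan: one head office and two branch offices.
SITES = {
    "hq": "192.168.1.0/24",
    "branch-a": "192.168.2.0/24",
    "branch-b": "192.168.1.128/25",  # falls inside the hq range
}
TUNNELS = [("hq", "branch-a"), ("hq", "branch-b")]


def check_vpn_plan(sites, tunnels):
    """Return a list of problems found in a site-to-site VPN plan.

    sites   -- {site name: LAN subnet in CIDR notation}
    tunnels -- [(site_a, site_b), ...], one pair per IPsec tunnel
    """
    problems, nets, peers = [], {}, defaultdict(set)
    for name, cidr in sites.items():
        try:
            nets[name] = ipaddress.ip_network(cidr)  # rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: bad LAN subnet ({exc})")
    for a, b in tunnels:
        missing = [s for s in (a, b) if s not in sites]
        if missing:
            problems.append(f"tunnel {a}-{b}: unknown site {missing[0]}")
            continue
        peers[a].add(b)
        peers[b].add(a)
    overlaps = set()
    for gw in sorted(peers):
        if len(peers[gw]) > MAX_IPSEC_TUNNELS:
            problems.append(
                f"{gw}: {len(peers[gw])} tunnels exceeds limit of {MAX_IPSEC_TUNNELS}")
        # A gateway must tell its own LAN and every peer LAN apart by address.
        known = sorted(s for s in {gw, *peers[gw]} if s in nets)
        for x, y in combinations(known, 2):
            if nets[x].overlaps(nets[y]):
                overlaps.add(f"{x} {nets[x]} overlaps {y} {nets[y]}")
    return problems + sorted(overlaps)


if __name__ == "__main__":
    for line in check_vpn_plan(SITES, TUNNELS):
        print(line)
```

An empty list means the plan passes both checks; renumber one site's LAN when an overlap is reported before creating the tunnel.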

Pros:

  • Load balance and fail-over features
  • Gigabit Ethernet ports

Cons:

  • Customer ratings on Amazon are not so good: 3.5 stars (out of five) for features and performance; 2 stars for customer support

Site to Site VPN is an economical solution for connecting two or more remote sites. The Netgear FVS336G, a dual-WAN router with Gigabit ports, is an easy VPN solution for small to medium sized businesses.


By Ki Grinsing


3 comments to Site to Site VPN with FVS336G Netgear ProSafe

  • In reality, it can’t by design. A VPN allows access only to authorized users and other traffic using public lines. Special VPN protocols encapsulate higher-layer protocols in a process known as tunneling. VPNs routinely use Point-to-Point Tunneling Protocol and the Layer 2 Tunneling Protocol. In order for a VPN to stay a VPN, it must stay wired. Wireless access points provide the least security and open your network up to intrusions, hackers and password sniffers. Do not attempt to set up Wireless access for sensitive data or data that needs to remain secured.

  • Varun

    Will this work with a leased line connection as well? I have a Tellabs 8110 NTU with me.

  • Haki Im

    I think the Tellabs 8110 NTU uses a V.35 cable to connect to the router (please confirm). But the FVS336G supports RJ-45 WAN connections to broadband modems.
    Basically, the FVS336G can connect to any broadband modem with an RJ-45 WAN port.
