On Mon, 27 Oct 2003 08:28:22 -0500, "John Ferriby" <john@ferriby.com> wrote:
VPN technologies are either too weak, like PPTP, too expensive or difficult to grasp like IPsec, or too new like the HTTPS tunnels.
Dunno about HTTPS; I prefer to avoid opening _any_ inbound ports through my firewalls, since my clients are typically too small to afford good stateful inspection, and I dislike server-based firewalls. VPNs, however, are not the problem they used to be. I use Netopia R910s and 3381-ENTs, which are cheap and provide both PPTP and IPsec endpoints, with or without encryption. They're reasonably easy to configure (good documentation and good support), and work just fine with Microsoft's built-in Windows VPN clients. Yes, I know PPTP isn't as strong as IPsec. But it's certainly more than strong enough to keep out the riff-raff, and that's all we need here. This allows me to provide secure, low-cost remote network access to and between clients' LANs without any DMZs or pinholed routers. And I tell any client who really wants to provide services to the Internet at large, that they're far better off to contract the service with an ISP, who will almost certainly do the job both better and cheaper. Hey, I make good money doing this; so can you! I don't see any good justification for people to treat the Internet like their own back yard. But is bandwidth really so cheap that ISPs don't have any stake in conserving it? /kenw Ken Wallewein CDP,CNE,MCSE,CCA,CCNA K&M Systems Integration Phone (403)274-7848 Fax (403)275-4535 kenw@kmsi.net www.kmsi.net