[Novalug] Linux alternative to ISA server

Anthony Soucek monkeywrenchit at gmail.com
Fri Nov 2 19:44:44 EDT 2007 

yeah, The Astaro solution is worth wanting, for sure.  I guess I'm too
Conditioning into thinking that only microsoft is allowed to be
expensive.

On 10/30/07, Nick Danger <nick at hackermonkey.com> wrote:
> Anthony Soucek wrote:
> > >From what I've seen, Astaro is Tres Cher! (tooo expensive)
> >
>
> Depends on your budget. I think it compares to many of the commercial
> products out there in terms of features and quality. I almost purchased
> one for here (almost meaning it was shot down after I made a proposal)
> And I'm willing to bet my time to install Astaro in place of our current
> PIX would have been almost nil, wheres a complete from free code
> solution would have be a large investment of time ;-) So I guess i
> should say depends on your resources, time or money.
>
> Nick
>
> > On 10/30/07, Anthony Soucek <monkeywrenchit at gmail.com> wrote:
> >
> >> Im a linux dufus, but even I could install IPCop, which has a web gui
> >> and allows ssl vpn connections...It is small scale, free, and designed
> >> to run on leftover junk hardware.
> >>
> >> My employer uses a Watchguard VPN x700 box, that is a linux appliance,
> >> but I have found thier tech support a little frustrating to work with.
> >>  We have a dozen mobile users and 5 point to point tunnels, It's been
> >> pretty stable.
> >>
> >> These devices dont ensure compliance and do quarantineing like isa
> >> can, I think you can use AD authentication with the mobile user vpn
> >> software clients, but you cant dump someone in a seperate vlan until
> >> they apply patches, which I am told ISA can do.
> >>
> >> Anthony
> >>
> >> On 10/29/07, Miguel Gonzalez Castaños <miguel_3_gonzalez at yahoo.es> wrote:
> >>
> >>> Hi all,
> >>>
> >>>    In our corporate network We have an ISA server running as our
> >>> corporate firewall and VPN server for about 50 employees onsite and 7
> >>> offsite permanently, although around 40-60% of people make extensive use
> >>> of VPN while they are in meetings or in off hours.
> >>>
> >>>    The current server is a HP Proliant DL 320 G3 with about 18 Gb of
> >>> SCSI drive and 1.7 Gb of RAM and a Pentium III
> >>>
> >>>    The overall impression is that our VPN is slow and the idea was to
> >>> replace the server with a bigger one. But I'm really concerned that is
> >>> not a very fault tolerant way, since We only have one VPN/Firewall server.
> >>>
> >>>    I've researched a little bit and I found this:
> >>>
> >>>    http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
> >>>
> >>>    So apparently We could have a setup similar of VPN and let people not
> >>> worry of changes of VPN clients (We use the default VPN clients). My
> >>> concern is that we wanted also Active Directory integration and I think
> >>> It'd be nice and load balancing options, so We could keep both machines
> >>> and still be able to work if any of the two machines go down.
> >>>
> >>>    The important thing here it would be to be able to manage the
> >>> redirection rules easily (maybe a web manager?) and integrate the users
> >>> in the AD structure so We won't have to be creating local users in our
> >>> Firewall.
> >>>
> >>>    I know this is still too vague, but I'd need some rough ideas and
> >>> someone pointing in the right direction
> >>>
> >>>    Miguel
> >>>
> >>>
> >>> _______________________________________________
> >>> Novalug mailing list
> >>> Novalug at calypso.tux.org
> >>> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> >>>
> >>>
> >> --
> >> Anthony Soucek
> >>
> >>
> >
> >
> >
>
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>


-- 
Anthony Soucek

More information about the Novalug mailing list