[nylug-talk] Linux alternative to ISA server
Miguel Gonzalez Castaños
miguel_3_gonzalez at yahoo.es
Tue Oct 30 11:03:32 EDT 2007
Hi all,
In our corporate network We have an ISA server running as our
corporate firewall and VPN server for about 50 employees onsite and 7
offsite permanently, although around 40-60% of people make extensive use
of VPN while they are in meetings or in off hours.
The current server is a HP Proliant DL 320 G3 with about 18 Gb of SCSI
drive and 1.7 Gb of RAM and a Pentium III
The overall impression is that our VPN is slow and the idea was to
replace the server with a bigger one. But I'm really concerned that is
not a very fault tolerant way, since We only have one VPN/Firewall server.
I've researched a little bit and I found this:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
So apparently We could have a setup similar of VPN and let people not
worry of changes of VPN clients (We use the default VPN clients). My
concern is that we wanted also Active Directory integration and I think
It'd be nice and load balancing options, so We could keep both machines
and still be able to work if any of the two machines go down.
The important thing here it would be to be able to manage the
redirection rules easily (maybe a web manager?) and integrate the users
in the AD structure so We won't have to be creating local users in our
Firewall.
I know this is still too vague, but I'd need some rough ideas and
someone pointing in the right direction
Miguel
More information about the nylug-talk
mailing list