Aventail VPN V2.71 Lets Employees Into the Network
HANDS ON
Where firewall systems are designed to keep people out of your network, virtual private networks (VPNs) are intended to let the right people in. A VPN server, along with a VPN client, provides a secure data connection from an internal, Internet-connected data network to specific external, Internet-connected client workstations.
Using a VPN involves encrypting data before sending it through the public network and decrypting it at the receiving end. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. VPN software, such as Aventail’s VPN V2.71, provides network managers with the flexibility of using several authentication methods, support for Windows NT groups, credential integrity and VPN-on-Demand.
Aventail VPN provides authentication using several methods, ranging from simple passwording to SecurID from Security Dynamics Technologies Inc. (Bedford, Mass., www.securitydynamics.com). Additional authentication methods include CHAP, RADIUS, SSL, DES, MD4, MD5, SHA-1 and RC4. Specific user lists can be tied into an existing Windows NT Server domain structure, Novell Inc. IntranetWare Bindery or Novell Directory Services (NDS) for username and password authentication.
Workstations configured to run the Aventail VPN client are required to authenticate with the Aventail VPN server. This enforced authentication using a transparent client is unlike earlier VPN and tunneling products where the client had to manually set up the connection each time.
A VPN can easily replace or augment a remote access server (RAS). Instead of supporting modems, phone lines, ISDN connections and all the hassles connected with a RAS, we used Aventail’s VPN in place of a RAS and had users dial in via a local Internet service provider (ISP). We found the VPN easier to manage than our RAS.
The Aventail VPN server for Windows NT requires an Intel x86 processor, at least 32 MB of RAM, the TCP/IP protocol and a nominal amount of free disk storage. The VPN client supports all Windows platforms, Sun Solaris, Linux and BSD/OS. The software installation for both is fairly straightforward and includes a "Quick Start" guide to get your VPN server up and running. We were able to install, configure and use the server and client in a firewalled Windows NT server environment quickly and easily. Since we installed this system inside the firewall, and on a different system from the firewall, we had to modify the firewall's configuration to allow traffic to and from the VPN server. This step could be eliminated by installing the VPN server on the firewall itself.
We found the Aventail VPN server installation to require very little knowledge of the network and VPN software, and the process took less than an hour. The VPN client only required us to know the host name and IP address of the VPN server, along with the domain name and information about incoming or outgoing traffic. This configuration file needs to be created only once and can be distributed to all users.
In our tests we loaded both the VPN client and server and accessed a Microsoft Domain network as well as a Novell NDS network. We ran the pcAnywhere communications utility from Symantec Corp. (Cupertino, Calif., www.symantec.com) to manage the servers; before using the VPN, we were blocked from using pcAnywhere by the firewall. We were able to browse through and access network files, and generally do anything that we could have done with a client workstation attached to the home network; without the VPN, we had no access whatsoever.
Larger ISPs have been offering VPN connectivity for quite some time. Because VPNs have been characterized as difficult to configure and manage, many administrators have chosen to rely on ISPs for this service. However, VPN services from ISPs are notoriously overpriced. Aventail's software package, on the other hand, provides a cost-effective means of building your own VPN server.
We found Aventail's VPN software for Windows NT to be an excellent choice for direct Internet connectivity to a private network. This software has taken many of the headaches out of setting up a VPN, bringing a new level of usability for both the network administrator and the end user. The VPN client makes accessing a private network transparent, fast and easy.
Aventail VPN V2.71
Aventail Corp.
Seattle
(888) 762-5785
www.aventail.com
Price: $7,995.
+ Easy installation.
+ Less expensive than ISP-provided VPNs.
+ Several authentication methods.
- Requires knowledge of VPN to set up and maintain.