For the firewall you can activate NAT and SPI, enable DoS protection and switch remote management on or off; remote management must be activated for SSL-VPNs to work. Bandwidth management is also provided: you manually define the upstream and downstream speeds and apply minimum and maximum rates to specific services. This is easy enough to achieve, as a drop-down list provides plenty of predefined services, or you can add your own port ranges and protocols. Instead of rate control you can assign one of three priorities to selected services.
Authentication schemes for remote users are as extensive as the competition’s, as the RVL-200 supports a local user database, AD, LDAP, NT domains and RADIUS servers. However, there’s little else to do here apart from setting up a pool of virtual IP addresses for assigning to each user. To keep costs down, Linksys really has cut back on the SSL-VPN facilities, as you only get a network extender, which creates a secure encrypted tunnel giving each user full access to all LAN IP-based services. Both Billion and Netgear provide a transport extender, which allows you to control precisely what resources a user can see, and a Network Places option that extends access to shared resources on the LAN.
To test the SSL-VPNs we attached a bunch of XP client systems directly to the WAN port, thus placing the appliance in between them and the LAN. Pointing a browser at the WAN port address displays a log-in portal and, once you are authenticated, an ActiveX control is loaded, which creates a virtual network adapter and takes an IP address from the pool you created earlier. Linksys hasn’t created its own network extender but uses the same one as Billion. With the tunnel in place we were able to remotely access any available service on the LAN from our remote clients. We could reach our FTP server, remotely control LAN clients that had Remote Desktop enabled and administer an Iomega NAS appliance running Windows Storage Server 2003.
When you’ve had enough, all you do is close the web page portal and the tunnel is broken down. Another control then loads automatically and cleans up the browser history and cache to leave no trace of the session. The only other security measure you can implement is a time-out counter, which will drop the connection after a specified time of inactivity at the remote client.
Linksys is offering a very low-cost SSL-VPN appliance that is particularly easy to use. However, the trade-off is that it only supports a maximum of five tunnels and the network extender doesn’t allow you to restrict access to specific LAN resources.