Review Price: £86.21
Small businesses tired of the complexity of IPsec VPNs can take solace from the fact that a number of networking vendors have seen the light and are now delivering very affordable SSL-VPN appliances. Less than a year ago, these security products commanded top-dollar prices and targeted large businesses with deep pockets, but Linksys’ compact RVL-200 aims to deliver an SSL-VPN solution at a remarkably low price.
IPsec VPNs undoubtedly offer a very secure means of creating encrypted tunnels with remote sites and enabling mobile workers to access the main network. However, for the latter they are nothing less than tedious to set up and configure, making them a very poor choice for small businesses with limited on-site IT expertise. A key feature of SSL-VPNs is that the remote worker just needs to have a web browser loaded to create a secure tunnel over HTTPS so there’s no messing around with complex client utilities, hashing algorithms and lengthy encryption keys.
We’ve already been impressed with Billion’s BiGuard S10 and Netgear’s SSL-312, which both offer an impressive range of features but cost substantially more than the RVL-200. Linksys has managed to pack in a good range of security measures but as you’ll see there are more than a few sacrifices to get the price tag down to double figures. You get a quad of switched Fast Ethernet ports for LAN connections and the single RJ-45 WAN port accepts a suitably equipped cable or ADSL modem. As with Billion’s BiGuard, the RVL-200 incorporates a NAT/SPI firewall so can act as a secure gateway for Internet access – Netgear’s SSL312 doesn’t offer these features and is designed to work alongside an existing firewall.
The web interface is very easy to use and a wizard gets Internet access up and running. From here you select PPPoE, PPTP or dynamic IP addressing or apply a static address to the WAN port. The System Summary page provides plenty of operational information and a large graphic of the appliance shows which ports are active. Beneath this you have details on the LAN and WAN IP addresses plus firewall and intrusion detection status.
A quick glance further down shows why the price tag is so low – the appliance only supports a maximum of five SSL-VPN tunnels. Billion’s S10 supports ten SSL-VPNs, while Netgear can handle up to 25 tunnels. Furthermore, you can only create a single IPsec VPN tunnel with another router for secure site-to-site communications.
For the firewall you can activate NAT and SPI, enable DoS protection and switch remote management on or off. Remote management must be switched on for SSL-VPNs to work. Bandwidth management features are provided: you manually define the upstream and downstream speeds and apply minimum and maximum rates to specific services. This is easy enough to achieve as a drop-down list provides plenty of predefined services, or you can add your own port ranges and protocols. Instead of rate control you can assign one of three priorities to selected services.
Authentication schemes for remote users are as extensive as the competition’s, as the RVL-200 supports a local user database, AD, LDAP, NT domains and RADIUS servers. However, there’s little else to do here apart from setting up a pool of virtual IP addresses for assigning to each user. To keep costs down Linksys really has cut back on the SSL-VPN facilities, as you only get a network extender, which creates a secure encrypted tunnel giving each user full access to all LAN IP-based services. Both Billion and Netgear provide a transport extender, which allows you to control precisely what resources a user can see, and a Network Places option that extends access to shared resources on the LAN.
To test the SSL-VPNs we attached a bunch of XP client systems directly to the WAN port thus placing the appliance in between them and the LAN. Pointing a browser at the WAN port address displays a log-in portal and once authenticated an ActiveX control is loaded which creates a virtual network adapter and takes an IP address from the pool you created earlier. Linksys hasn’t created its own network extender but uses the same one as Billion. With the tunnel in place we were able to remotely access any available service on the LAN from our remote clients. We could reach our FTP server, remotely control LAN clients that had Remote Desktop enabled and administer an Iomega NAS appliance running Windows Storage Server 2003.
When you’ve had enough, all you do is close the web page portal: the tunnel is torn down and another control automatically loads and cleans up the browser history and cache to leave no trace of the session. The only other security measure you can implement is a time-out counter, which will drop the connection after a specified time of inactivity at the remote client.
Linksys is offering a very low cost SSL-VPN appliance that is particularly easy to use. However, the payback is that it only supports a maximum of five tunnels and the network extender doesn’t allow you to restrict access to specific LAN resources.
The home page shows network port status along with quick access to firewall and VPN services.
Plenty of authentication schemes are supported and remote users can have an inactivity timeout applied.
Point a browser at the appliance’s WAN port and the login portal is displayed.
One click and the resources of your LAN are at your disposal.
Here we have a Remote Desktop connection to a PC on the LAN over an SSL-VPN tunnel.