|
SNAPgear's big feature is its powerful VPN capabilities.
While most other routers provide only pass-thru capabilities for
connecting VPN clients, the entire SNAPgear product line
provides PPTP and IPsec endpoint capabilities. What this
basically means is that the SNAPgear boxes set up and manage the
VPN "tunnels" instead of having to use VPN software
at each client.
If you want to set up your own VPN between two office
locations, for example, you just need two SNAPgears... no extra
licenses or options to buy. And if that doesn't get your
attention, maybe the fact that there are no per client or
connection licenses to buy will!
Although all members of the SNAPgear family have
the built-in endpoint capability, there are differences among
the products, summarized in the table below, which I've borrowed
from the SNAPgear Web site:
| |
Model |
| Feature |
LITE |
LITE+ |
SOHO+ |
PRO |
| VPN - PPTP (client & server) |
yes |
yes |
yes |
yes |
| PPTP Tunnels |
4 |
5 |
20 |
40 |
| VPN - IPSec (server and client) |
yes |
yes |
yes |
yes |
| IPSec Tunnels |
10 |
12 |
35 |
70 |
| RAS (dial in) |
|
|
yes |
yes |
| Telnet |
|
|
yes |
yes |
| RADIUS/TACACS+ |
|
|
yes |
yes |
| SNMP |
|
|
yes |
yes |
| Hardware Cryptographic Acceleration |
|
|
|
yes |
| RAM (Mb) |
4 |
4 |
16 |
16 |
| Price |
$249 |
$299 |
$399 |
$549 |
Note that although there is a limit to the number
of tunnels that each product will support, SNAPgear says that
there's no limit to the number of users per tunnel.
NOTE: The IPsec implementation uses the
open source package called FreeS/WAN.
This
page describes interoperability with other IPsec products.
SNAPgear says that they currently do not support ISAKMP (or
IKE) Aggressive
mode, since they believe it to be less secure.
To check things out, I set up the SNAPgear as a
PPTP server, and used the standard Microsoft VPN client to connect
via the Ethernet WAN connection. I had no problems either setting
up the server or the PPTP connection itself. But once I
connected, I wasn't able to browse the remote network via Network
Neighborhood, even though I could ping clients on it. A
call to SNAPgear revealed that neither their PPTP or IPsec
implementation presently supports MS Network browsing.
They know this is a problem, however, and are at work on a solution
other than using LMHOSTS tables, which is their current suggested
workaround.
I was a little surprised at the performance of the
PPTP connection (more below), which was slower that I expected
it to be. SNAPgear told me that even though the PRO has
a security co-processor, it's used only for IPsec, so that may
help explain what I measured.
I didn't try out the IPsec capability because I
didn't have an IPsec client and SNAPgear doesn't provide one as
part of their package. This wouldn't be a problem if you
were a telecommuter connecting into your corporate network, since
your company would be providing the other end of the VPN connection.
But if you had a SNAPgear on your home LAN and wanted to use an
IPsec connection to connect via the dial-in RAS, you'd have to
buy an IPsec client. I'd like to see SNAPgear at least suggest
a client, or offer some sort of a discount deal on one.
Right now, your only option for the scenario above would be to
fall back to using PPTP, since Windows includes a client in each
copy of the OS.
|
