Corporate.Net
Private Dial-Up Networking Gets a Virtual Workout
By Mike Fratto
Giving remote users access to resources on your local network poses some difficult management problems. Virtual Dial-up Private Networks (VDPN) may give you an alternative to supporting your own remote-access modem pool. Not only can you let users dial into a local Internet service provider (ISP), saving you long-distance charges, you can offer multiple protocols as well.
Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F) both direct Point-to-Point Protocol (PPP) traffic from the Network Access Server (NAS), the dial-up modem racks or ISP, to the home gateway that accepts PPTP or L2F connections on the destination LAN. However, neither protocol makes any provision for data encryption o
r user authentication; they simply forward packets from the NAS to the home gateway (see "Internet-Based Multiprotocol Remote Access," April 15, page 130).
 To view the Report card.
In Network Computing's Syracuse University lab, we tested five remote-access servers for VDPNs that support PPTP and L2F. While concentrating on PPTP and L2F, we looked at the reporting features about the tunnels themselves, such as current status, up time and whether the home gateway was visible.
We also were interested in authorization methods (also known as call routing) and any reporting of the user's connections beyond start and stop times. The reporting and logging of VDPN connections was consistent across all of the products tested with no single product providing superior services. As expected from new protocols, there is little reporting of VDPN-specific
attributes. As these products roll out, watch for enhancements to the VDPN management set. Nearly all the products tested showed less than a two-second difference in the FTP transfer times between PPP and VDPN (PPTP or 12F). The notable exception is U.S. Robotics' Total Control Enterprise Network Hub, which showed as much as a seven-second increase in the FTP transfer when using PPTP compared to PPP.
In our tests, Cisco Systems' AS5200 Universal Access Server and Shiva Corp.'s LanRover Access Switch made the greatest stretch to the finish line. Both exhibited excellent throughput under a heavy load and offer many features that will add value to your corporate remote-access solution. Showing a little flexibility, Microcom's Access Integrator demonstrated unique versatility by being the only product to tunnel both PPTP and L2F. U.S. Robotics' Total Control Enterprise Network Hub and 3Com Corp.'s AccessBuilder 5000 Enterprise LAN/WAN Switch round out the products tested. U.S. Robotics' hub's ability to dynam
ically tunnel PPTP based on user name edged out 3Com's AccessBuilder, the other PPTP-only server.
Ascend Communications is missing from this roundup because it didn't have a product ready
for this review. Although Microsoft Corp. pioneered PPTP, it didn't have an entry for our tests because the company is focusing on client-to-server and server-to-server VPN connectivity. Microsoft is leaving the task of terminating the modem connections and initiating PPTP connections on behalf of the users to remote access vendors.
Cisco Systems AS5200 Universal Access Server
 The AS5200 takes top honors because it comes with an array of features--including support for the Remote Authentication Dial-In User Service (RADIUS), Simple Network Management Protocol (SNMP), Terminal Access Controller Access Control System Plus (TACACS+) and detailed debugging tools--that enhance not only the remote-access ser
vice, but the tunneling process as well. During the initial L2F installation, and while setting up Microcom Access Integrator and Shiva LanRover Access Switch, the debug tools available in Cisco's Internetwork Operating System (IOS) proved invaluable. You can look at L2F events and errors to test your tunnel setup. For all L2F-enabled devices, we easily ensured that the NAS was authenticating properly.
Setting up the L2F tunneling is straightforward and simple. The IOS treats the L2F tunnel like any other interface, complete with its own interface template and configuration parameters. These capabilities let you exercise the same kind of control over the L2F tunnels as you would over an Ethernet port.
To download an Adobe Acrobat .pdf format version of the Virtual Private Network Dial-Up Features chart, click here.
|
REPORTS
ANALYTICS
Follow 
