The requirements for the shared firewall are:
- stability
- high availability
- scalability (separate rules for hundreds of customers)

VPN concentration currently requires:
- dozens of simultaneous L2TP/PPTP clients (using the OS built-in dial-up VPN networking), with auth via RADIUS; preferably each L2TP/PPTP client could be associated with a VLAN to access (via RADIUS), but a filter or access-list per user may also work.
I'm looking at Altiga/Cisco VPN concentrator to terminate PPTP sessions; or maybe just use a PIX.