อดิศร ขาวสังข์

การเลือกซ้ือ ADSL Modem¿ชนิดทำ VPN ได้ สำหรับผมแล้วคิดว่าซึือรุ่นที่มีฟังก์ชันและโปรโตคอลต่าง ๆ มาก ๆ ไว้ก่อนดีกว่า เพราะสามารถปรับเปลี่ยนได้มากกว่า

ซึ่งควรจะมีฟังก์ชันทาง VPN ไม่น้อยไปกว่าดังนี้ :
•16 IPSec VPN Tunnels
  8 L2TP VPN Tunnels (Dial-in: 4, Dial-out: 4)
  8 PPTP VPN Tunnels (Dial-in: 4, Dial-out: 4)
• Embedded IPSec & PPTP client/server
• IKE key management
• DES, 3DES and AES encryption for IPSec
• Embedded powerful 3DES accelerator
• MPPE Encryption for PPTP
• L2TP over IPSec
• L2TP/PPTP/IPSec pass-through�

ทางด้าน Firewall ก็ไม่ควรน้อยกว่าฟังก์ชันต่อไปนี้ :
• Built-in NAT firewall
• Stateful Packet Inspection (SPI)
• Prevent DoS attacks including IP Spoofing, Land Attack,
Smurf Attack, Ping of Death, TCP SYN Flooding, etc.
• Packet Filtering – port, source IP address, destination IP
address, MAC address
• URL Content Filtering – string or domain name detection
in URL string

คุณสมบัติที่กล่าวมามีอยู่จริงในผลิตภัณฑ์ นะครับ ราคาก็ไม่แพงมาก

You will see this feature mainly in home (or small office) Internet gateway devices. This is an excellent question because it confuses a lot of folks who don’t know much about the inner workings of VPNs.A SOHO network device that supports VPN will probably support either IPsec, PPTP, L2TP or SSL VPN technologies. This means that the device actually has an implementation of the protocol running on it and can be used to connect to a central server or VPN gateway; therefore, a VPN client would not be required

On the other hand, a SOHO network device that supports VPN pass-thru simply means that it can support “passing through” packets that originate from VPN clients (typically on laptops or PC’s) out through a VPN server on the Internet. A special feature like this is needed because: 1) these SOHO devices are involved with NAT and PAT, 2) VPN protocols like IPsec (the data path is called ESP) doesn’t have a specific port number for the device to multiplex the port address translation back to your laptop or PC 3) that’s why this feature enables some special processing of packets that are IPsec ESP data packets and allows the device to keep a table of active connected VPN tunnels.