Product Reviews

VPN-ing Made Easy

Celestix takes the pain out of virtual networking.

I’ve always felt that Virtual Private Networking (VPN) shouldn’t require a master’s degree or a rocket scientist to set up. Because VPNs are so labor-intensive, managed services have become the norm.

Celestix is trying to change all that with hardware and software that takes the sting and trepidation out of VPN design and installation. The Celestix VPN RAS 3000 is the first appliance-based VPN based on Windows Server 2003.

I’m often chided as not being a “real” engineer because I read the manual before starting. In this case, the installation and design manual for the RAS 3000 is clearly laid out, methodical in approach, and not overwhelming in the steps and time it took to get the unit operational on the first pass. The initial installation was relatively quick, and the software interface clean and easy to use.

The device has an internal hard drive rather than solid-state components. This may be seen as a limitation, but the reality is the mean time between failures for the internal hard dive exceeds the life expectancy of the unit, making the issue moot.

I tested the device on a corporate network and had a few problems dealing with throughput. I also found the device a bit difficult to setup on our gigabit-backbone LAN. The 100 Mbps interface was tricky, but some configuration changes on our T-1 and T-3 lines actually worked out better in the long run.

The RAS 3000 seems designed more for versatility than security. Out of the box, the appliance uses Point-to-Point Tunneling Protocol (PPTP). While considered a lightweight approach, there is also an L2TP/IPSec option. The box also includes dedicated ports to secure wireless LANs.

RAS 3000
The RAS 3000 is a 1U rack mount device
powered by an Intel Pentium III.

Though personal firewall and anti-virus aren’t part of the client installation, companies looking to use this appliance will likely already have their own versions of these tools installed. However, the RAS 3000 features a quarantine control to ensure that clients are equipped with corporate standard anti-virus, personal firewall, and standard operating systems software.

A Web interface comes preinstalled on the unit and was a pleasure to work with. Software updates are handled as maintenance releases and can be downloaded and installed (or uninstalled) as needed.

There’s a level of control that’s much better than on most other units. Policies can be used to dictate access for things like extranet clients and port settings. I easily limited Kazaa traffic through policies and traffic monitoring. I was also able to give only the network administrators access to terminal services, while blocking all other access.

The bottom line is convenience and ease of use. Though some things are lacking that you might expect to see in an appliance—like a firewall and anti-virus software—the versatility this unit provides, along with the easy to use interface, make it a dream to install and work with. The RAS 3000 adds great value to the core routing technology of Windows 2003, especially through alerts and monitoring capabilities. The best news is the RAS 3000 system comes pre-hardened and optimized for VPN. The box comes packaged with enough licenses for 1,000 concurrent users.

For small- to medium-sized businesses, my advice is to run, not walk, to your nearest dealer and get one of these units. In the quest for a VPN solution that’s easy to set up, quickly operational, easy to manage and has a built-in interface that can’t be beat, the RAS 3000 is hands-down the best appliance based solution I’ve seen.

About the Author

Diane Pencil, MCSE, is Manager of IT Operations and Desktop Services for the Relizon Company in Dayton, Ohio. She also teaches Microsoft certification classes at Sinclair Community College.

comments powered by Disqus

Reader Comments:

Sun, Oct 17, 2010 VPN China

Your must have a Account in to use vpn service

Thu, Apr 8, 2004 Anonymous Anonymous

Good stuff. Not many Windows centric solutions like this out there. Definitely takes the pain out of setting up your own HW Servers and SW installations

Thu, Apr 8, 2004 peer closer than you think

This is a terrible review. This person has no clue what she is talking about and to say that this was tested on a corporate LAN with changes to the T1 & T3 is proposterous!! Lies - all lies.


Its a Wonderful dvice that really Helps to sort out big complex problem anyways Guys Keep up the Good work !
Yours Sincerely ASIF ASMAL

Sun, Apr 4, 2004 Anonymous Anonymous

we have been using a ras3000 for a while. we have about 200 remote users (winxp). the complaint I usually get is "why weren't we using this before"? it's a nifty little appliance; so far, so good!

Wed, Mar 31, 2004 Anonymous Anonymous

Wow. This is really cool! I didn't know something like this existed. I can see where this would have an advantage in a MS network. Also, it looks pretty (like a stereo component almost). Can anyone out there using one comment?

Tue, Mar 30, 2004 Anonymous Anonymous

good review

Mon, Mar 29, 2004 Anonymous Anonymous

Very informative review. It seems like THE product for Microsoft centric enterprises. It happens to be lot cheaper than anything on the market, like those from Cisco, Check Point, etc.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.