Dmitry,

First let me say that since the question "will you support tunnel VPN" is not well formed because using VPN means creating a VPN tunnel whether you use hardware or software solutions, I would recommend calrifying with your client what he means before worrying too much about the exact implementation.

For hardware VPN to be used it is necessary that the hardware on both ends be compatible. To make life easy this usually means it should be at least from the same vendor and preferable in the same product line. If your customer is using one of the Cisco 1800 series rounters, then it will work best if you use a Cisco 1800 series router as well, although they might be different models in that line. Some of the small SOHO routers like Linksys support hardware VPN connections that work adequately for a small number of connections to a similar Linksys router, but you will likely develop a headache and high blood pressure trying to get it to work with another brand on the remote end.

One thing I forgot to mention is that if you use hardware VPN, then folks on the other end of the tunnel can browse your network as well. So you better have your security ducks lined up. E.g.: No "convenience" shares visible to "everyone" unless you don't care if other folks access them (including shared printers), and no network based appliances like multi-media sharing devices, printers or print servers, network drives, etc. with open access unless you trust them to not fool with them. The trust has to work two ways with hardware VPN, whereas by default software VPN imposes much more severe limits on what can be accessed on your computer and network by users on the remote network. There are ways of limiting this with fancier routers, but not in simpler ones and not if the remote party has control of the appliance on your end.

Personally, if there is not a good reason for using a hardware VPN, I would stick with client software just for security reasons. Good reasons might be that the remote end needs to access shares/devices on your network or that more than one computer on your network needs to access the remote network. Hardware VPN is most often used between a remote office with multiple computers and a central office where various servers and shared resources live. There are other reasons to go to hardware, but in my experience those are the two biggies.

...Jim

>Jim,
>
>Thank you very much for a detailed and very helpful message.
>
>If I may clarify something, please. When you say "hardware VPN appliances on both ends", what specific hardware I (the client) would need to have? What I have now is a standard Linksys router connected to a DSL modem. Would this (the Linksys router) be the "hardware" for the VPN tunnel?
>
>You understood my question and issue exactly. I also wanted to add that the customer asked me, "will you support tunnel VPN". So before I say to them Yes or No (I can always say No and use client VPN), I need to understand that if I say Yes, I will be able to live with it.
>
>Again, thank you for your help.