Advanced Linux Firewalling question

[Thorin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been presented with a unique challenge to design a Linux
firewall/VPN solution.  My goal is to protect 14 locations and
provide for active WAN failover for two or three of the locations. 
Additionally, the solution should allow VPN connectivity between
internet-connected sites and handle remote user authentication for
access to the Internal networks... 

I know I can hack together a solution that would meet most of the
objectives using netfilter or chains, IPSEC, and some advanced
routing configs. Honestly though, I'm hoping this has been done
before...

I'm inclined to run with Nokia boxes for the high-availability
locations but was curious if anyone had seen any solid Linux based
solutions with similar functionality?  The IT shop is small so the
ability to centralize Admin/Reporting/Control is also a major factor.

Any comments would be appreciated.

- --Thorin


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOpSgMfPIThw7+ik2EQKJTQCgx5GtalpytWaOkg+N+4EImIBRgIIAnj2a
xKKwEeUyGxGBf9fP6sJScDgM
=3z+K
-----END PGP SIGNATURE-----


-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).