From: David Duncon (david_ccie@hotmail.com)
Date: Tue Aug 03 2004 - 09:54:29 GMT-3
Hi Group,
I got a design requirement where we need to facilitate "encryption" of both
*ingress* as well as *egress* ecommerce session (may be around 400
concurrent sessions) through our Corporate Internet pipe. At the moment we
got a 2651MX doing the job at Internet perimeter and Check Point taking care
about the activity behind the 2651MX where our DMZs are located. And the
requirement is also demands to centralize the various VPN client s/w we use
and it is all over the shop at the moment like Cisco VPN clients (getting
terminated on to a VPN 3K box) , Check Point secure remote (getting
terminated on CPNG) and Web enabled NFUSE (serviced by backend Citrix
farm)..etc.
I am thinking on following lines and I really appreciate if some one point
me in the right direction.
Initially we were thinking to deploy a Cisco VPN 3K concentrator to service
all these "400" odd mobile user IPSec sessions. But later because of Layer 8
(political :-) ) and also to certain extent costs, we got to deploy a Router
instead to the job of both Routing as well as VPN concentrator. And we are
thinking about a 3600 series box as it can be a better VPN concentrator
(???) than 2600s and then encourage all of our mobile users to use a single
client s/w to come in the corporate WAN.
Now I am unsure about following aspects.
- What Router is best suited for this task ?
- Since we are building/proposing a mobile user to Router IPSec sessions ,
what S/W our client machines can use ?
- Can a Windows based L2TP or PPTP VPN client sessions can be terminated on
a 3600s Router/VPN concentrator ?
Thanks for any pointers.
David.
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:31 GMT-3