Re: Which Router as a VPN concentrator

From: istong@stong.org
Date: Tue Aug 03 2004 - 14:17:33 GMT-3

• Next message: ccie2be: "Alarming error message"
• Previous message: john matijevic: "RE: CCIE R&S #13732 =0)"
• Maybe in reply to: David Duncon: "Which Router as a VPN concentrator"
• Next in thread: Mark Lewis: "Re: Which Router as a VPN concentrator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Don't have answers to all your questions but would like to
address some of them.

Not sure what the true layer 8 issues are but I would have
thought a VPN 3K would be a great solution. The client
software is free and is supported on multiple Windows and
Unix platforms.
Alternatively you could look at a Netscreen (Neoteris) box
that supports IPSEC and SSL but will cost you several extra
arms and maybe a leg more than the 3K (which also has SSL
support but not near as cleanly).

If you are dead set on a router you will need at least a
3745 I would think.

Thanks,

Ian
http://www.ccie4u.com
Rack Rentals and Lab Scenarios

> Hi Group,
>
> I got a design requirement where we need to facilitate
> "encryption" of both *ingress* as well as *egress*
> ecommerce session (may be around 400 concurrent sessions)
> through our Corporate Internet pipe. At the moment we got
> a 2651MX doing the job at Internet perimeter and Check
> Point taking care about the activity behind the 2651MX
> where our DMZs are located. And the requirement is also
> demands to centralize the various VPN client s/w we use
> and it is all over the shop at the moment like Cisco VPN
> clients (getting terminated on to a VPN 3K box) , Check
> Point secure remote (getting terminated on CPNG) and Web
> enabled NFUSE (serviced by backend Citrix farm)..etc.
>
> I am thinking on following lines and I really appreciate
> if some one point me in the right direction.
>
> Initially we were thinking to deploy a Cisco VPN 3K
> concentrator to service all these "400" odd mobile user
> IPSec sessions. But later because of Layer 8 (political
> :-) ) and also to certain extent costs, we got to deploy a
> Router instead to the job of both Routing as well as VPN
> concentrator. And we are thinking about a 3600 series box
> as it can be a better VPN concentrator (???) than 2600s
> and then encourage all of our mobile users to use a single
> client s/w to come in the corporate WAN.
>
> Now I am unsure about following aspects.
>
> - What Router is best suited for this task ?
> - Since we are building/proposing a mobile user to Router
> IPSec sessions , what S/W our client machines can use ?
> - Can a Windows based L2TP or PPTP VPN client sessions can
> be terminated on a 3600s Router/VPN concentrator ?
>
> Thanks for any pointers.
>
> David.
>
> __________________________________________________________
> _______ 10,000 children need sponsors  change a life:
> http://ad.au.doubleclick.net/clk;9294008;9739733
> ;y?http://www.worldvision.com.au/childsponsorship/search/c
> hild_search.asp?om=1
>
> __________________________________________________________
> _____________ Please help support GroupStudy by purchasing
> your study materials from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
______________________________________________

Check Your Email From Any Where in the World!

http://www.myemail.com

Tell Your Friends about MyEmail.com!
______________________________________________

• Next message: ccie2be: "Alarming error message"
• Previous message: john matijevic: "RE: CCIE R&S #13732 =0)"
• Maybe in reply to: David Duncon: "Which Router as a VPN concentrator"
• Next in thread: Mark Lewis: "Re: Which Router as a VPN concentrator"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:32 GMT-3