Re: Which Router as a VPN concentrator
From: Mark Lewis (mark@mjlnet.com)
Date: Tue Aug 03 2004 - 20:12:16 GMT-3
1. Here's a good *starting point* for selecting your router:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.ht
ml
2. As far as IPsec remote access is concerned, you can just use Cisco VPN
client for your mobile users (Windows native IPsec does not support XAuth,
if I remember correctly, but the Cisco VPN client does of course).
3. IOS routers can terminate L2TP and PPTP tunnels/sessions from Windows
based clients. Windows boxes use L2TP over IPsec and use IKE digital
signature authentication by default, though you can off IPsec/use pre-shared
key authentication if you want (but carefully consider the security
implications before you decide to do that).
HTH.
Mark
CCIE#6280 / CCSI#21051 / etc.
Author: www.ciscopress.com/1587051044
>From: "David Duncon" <david_ccie@hotmail.com>
>Reply-To: "David Duncon" <david_ccie@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: Which Router as a VPN concentrator
>Date: Tue, 03 Aug 2004 20:54:29 +0800
>
>Hi Group,
>
>I got a design requirement where we need to facilitate "encryption"
>of both *ingress* as well as *egress* ecommerce session (may be
>around 400 concurrent sessions) through our Corporate Internet pipe.
>At the moment we got a 2651MX doing the job at Internet perimeter
>and Check Point taking care about the activity behind the 2651MX
>where our DMZs are located. And the requirement is also demands to
>centralize the various VPN client s/w we use and it is all over the
>shop at the moment like Cisco VPN clients (getting terminated on to
>a VPN 3K box) , Check Point secure remote (getting terminated on
>CPNG) and Web enabled NFUSE (serviced by backend Citrix farm)..etc.
>
>I am thinking on following lines and I really appreciate if some one
>point me in the right direction.
>
>Initially we were thinking to deploy a Cisco VPN 3K concentrator to
>service all these "400" odd mobile user IPSec sessions. But later
>because of Layer 8 (political :-) ) and also to certain extent
>costs, we got to deploy a Router instead to the job of both Routing
>as well as VPN concentrator. And we are thinking about a 3600 series
>box as it can be a better VPN concentrator (???) than 2600s and then
>encourage all of our mobile users to use a single client s/w to come
>in the corporate WAN.
>
>Now I am unsure about following aspects.
>
>- What Router is best suited for this task ?
>- Since we are building/proposing a mobile user to Router IPSec
>sessions , what S/W our client machines can use ?
>- Can a Windows based L2TP or PPTP VPN client sessions can be
>terminated on a 3600s Router/VPN concentrator ?
>
>Thanks for any pointers.
>
>David.
>
>_________________________________________________________________
>10,000 children need sponsors � change a life:
>http://ad.au.doubleclick.net/clk;9294008;9739733;y?http://www.worldvision.c
om.au/childsponsorship/search/child_search.asp?om=1
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials
>from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4
: Fri Sep 03 2004 - 07:02:32 GMT-3