Re: Which Router as a VPN concentrator

From: David Duncon (david_ccie@hotmail.com)
Date: Wed Aug 04 2004 - 01:04:17 GMT-3


Thanks, Ian.

I agree the VPN 3K box appears to be a better solution, and I always remain an
advocate of "modular engineering" and using the boxes for what they are designed
for. But unfortunately, when cost cutting comes into the picture, we
tend to deploy a lot of hybrid solutions on the ground to get the given
project going.

The layer 8 issue which I was referring to earlier is that our Security team
wants our Internet Router to do this job so that we Comms engineers need to
worry about the deployment and maintenance part of this task, whereas the Comms
team wants the Security team to deploy a decent "VPN 3K" box and, since that box
comes under their Admin control domain, we want them to handle this task.
That is about it, I guess :-)

David.

>From: istong@stong.org
>To: "David Duncon" <david_ccie@hotmail.com>, ccielab@groupstudy.com
>Subject: Re: Which Router as a VPN concentrator
>Date: Tue, 03 Aug 2004 13:17:33 -0400
>
>Hi,
>
>Don't have answers to all your questions but would like to
>address some of them.
>
>Not sure what the true layer 8 issues are but I would have
>thought a VPN 3K would be a great solution. The client
>software is free and is supported on multiple Windows and
>Unix platforms.
>Alternatively you could look at a Netscreen (Neoteris) box
>that supports IPSEC and SSL but will cost you several extra
>arms and maybe a leg more than the 3K (which also has SSL
>support but not near as cleanly).
>
>If you are dead set on a router you will need at least a
>3745 I would think.
>
>
>Thanks,
>
>Ian
>http://www.ccie4u.com
>Rack Rentals and Lab Scenarios
>
>
>
> > Hi Group,
> >
> > I have a design requirement where we need to facilitate
> > "encryption" of both *ingress* as well as *egress*
> > ecommerce sessions (maybe around 400 concurrent sessions)
> > through our Corporate Internet pipe. At the moment we have
> > a 2651MX doing the job at the Internet perimeter and Check
> > Point taking care of the activity behind the 2651MX
> > where our DMZs are located. The requirement also
> > demands that we centralize the various VPN client s/w we use,
> > which is all over the shop at the moment, like Cisco VPN
> > clients (getting terminated on a VPN 3K box), Check
> > Point secure remote (getting terminated on CPNG) and Web
> > enabled NFUSE (serviced by a backend Citrix farm), etc.
> >
> > I am thinking along the following lines and I would really appreciate
> > it if someone could point me in the right direction.
> >
> > Initially we were thinking of deploying a Cisco VPN 3K
> > concentrator to service all these "400" odd mobile user
> > IPSec sessions. But later, because of Layer 8 (political
> > :-) ) and also to a certain extent costs, we have to deploy a
> > Router instead to do the job of both Routing as well as VPN
> > concentrator. And we are thinking about a 3600 series box
> > as it can be a better VPN concentrator (???) than 2600s
> > and then encourage all of our mobile users to use a single
> > client s/w to come into the corporate WAN.
> >
> > Now I am unsure about the following aspects.
> >
> > - What Router is best suited for this task?
> > - Since we are building/proposing mobile user to Router
> > IPSec sessions, what S/W can our client machines use?
> > - Can Windows-based L2TP or PPTP VPN client sessions
> > be terminated on a 3600s Router/VPN concentrator?
> >
> > Thanks for any pointers.
> >
> > David.
> >



This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:32 GMT-3