OT: VPN device opinion

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Mon Apr 16 2007 - 17:23:32 ART


I'm replacing the entire edge network for my organization later this year
and need an opinion from the group.
 
I have several dozen IPSec VPN tunnels to vendors that terminate currently
on a 3660 router running 12.2T code. While I love using routers for VPN
work due to their excellent flexibility, I find that managing a large number
of connections is cumbersome and awkward. The inability to nest ACLs or
create object groups makes the config (from the CLI) just crazy to work
around in.
 
I do have the latest version of Cisco Security Manager but don't have it up
and running yet (waiting on the server) to see just how well it can manage
my VPN router. If it's anything like VMS was then I won't likely use it for
management.
 
Here are my possible alternatives:
 
1) Stay with the plan of replacing the 3660 with a pair of 3845s running
IPSec SSO, etc. and use CSM to manage it
 
2) Replacing the 3660 with a pair of ASAs instead of the 3845s and use CLI,
CSM or something else to manage it
 
Either way, I can work through the hassle of it the way it is but I have
others on my team that are not so comfortable with the CLI so I really want
to use some other type of management interface for their benefit.
 
Any advice or opinion on the subject greatly appreciated!
 
Rik


