From: Bill Mckenzie (bmckenzie@hotmail.com)
Date: Mon Apr 16 2007 - 17:57:44 ART
The Cisco VPN Concentrator series is End of Sale and moving towards having
the ASA devices cover
all of that functionality.
Bill Mckenzie, CCIE#16725, CCVP
Systems Engineer
Cisco Systems, Inc.
Phone: 614-425-2370
>From: "David Mitchell" <david.mitchell@centientnetworks.com>
>Reply-To: "David Mitchell" <david.mitchell@centientnetworks.com>
>To: "Guyler, Rik" <rguyler@shp-dayton.org>, <cisco@groupstudy.com>,
><ccielab@groupstudy.com>
>Subject: RE: VPN device opinion
>Date: Mon, 16 Apr 2007 16:31:51 -0400
>MIME-Version: 1.0
>Received: from lists.groupstudy.com ([207.44.210.9]) by
>bay0-mc10-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon,
>16 Apr 2007 13:42:24 -0700
>Received: (from sympa@localhost)by lists.groupstudy.com
>(8.12.11.20060308/8.11.6) id l3GKgMLC030226;Mon, 16 Apr 2007 16:42:22 -0400
>Received: from groupstudy.com (www.groupstudy.com [209.51.144.7])by
>lists.groupstudy.com (8.12.11.20060308/8.11.6) with ESMTP id
>l3GKW4Dn030088for <ccielab@lists.groupstudy.com>; Mon, 16 Apr 2007 16:32:04
>-0400
>Received: from groupstudy.com (groupstudy.com [127.0.0.1])by groupstudy.com
>(8.12.11.20060308/8.12.11) with ESMTP id l3GKW7oV014643GroupStudy Mailer;
>Mon, 16 Apr 2007 16:32:07 -0400
>Received: (from listserver@localhost)by groupstudy.com
>(8.12.11.20060308/8.12.11/Submit) id l3GKW7CT014641for ccielabxhiddenx;
>Mon, 16 Apr 2007 16:32:07 -0400
>Received: from smtp3.fuse.net (mail-out3.fuse.net [216.68.8.177]) by
>groupstudy.com (8.12.11.20060308/8.12.11) with ESMTP id l3GKW4Nq014558;
>Mon, 16 Apr 2007 16:32:05 -0400
>Received: from gx5.fuse.net ([72.49.128.165]) by smtp3.fuse.net (InterMail
>vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP id
><20070416203156.CJQY7920.smtp3.fuse.net@gx5.fuse.net>; Mon, 16 Apr 2007
>16:31:56 -0400
>Received: from mail.centientnetworks.com ([72.49.128.165]) by gx5.fuse.net
>with ESMTP id
><20070416203155.RREK18017.gx5.fuse.net@mail.centientnetworks.com>; Mon, 16
>Apr 2007 16:31:55 -0400
>X-Message-Info:
>LsUYwwHHNt2UqMZP8F89WO2IgjbixodGRE+nTSDVRy0+md1b6ZwgKXFoWF6LdNqz
>Content-class: urn:content-classes:message
>Thread-Topic: VPN device opinion
>Thread-Index: AceAZXU2ZZMsRvBbRtyvglQ3UxLaGQAAFadg
>X-MIME-Autoconverted: from quoted-printable to 8bit by groupstudy.com id
>l3GKW4Nq014558
>X-ASK-Info: Whitelist match [from david\.mitchell@centientnetworks\.com]
>(2007/04/16 16:32:07)
>X-Loop: ccielab@groupstudy.com
>X-Sequence: 12314
>Errors-to: ccielab-owner@groupstudy.com
>Precedence: bulk
>X-no-archive: yes
>List-Id: <ccielab.groupstudy.com>
>List-Help: <mailto:sympa@groupstudy.com?subject=help>
>List-Subscribe: <mailto:sympa@groupstudy.com?subject=subscribe%20ccielab>
>List-Unsubscribe:
><mailto:sympa@groupstudy.com?subject=unsubscribe%20ccielab>
>List-Post: <mailto:ccielab@groupstudy.com>
>List-Owner: <mailto:ccielab-request@groupstudy.com>
>Return-Path: ccielab-owner@groupstudy.com
>X-OriginalArrivalTime: 16 Apr 2007 20:42:24.0886 (UTC)
>FILETIME=[BD46A960:01C78067]
>
>Hey Rick,
>
>From a management perspective I really like the VPN Concentrator. It
>has a good graphical interface that shows you the status of all your
>tunnels, bytes in/out, etc. Once you master it, the debugging is also
>very good.
>
>For folks that aren't masters with IPSEC, most of the options are
>menu-driven, and it's easy for non-technical folks to check the status
>of tunnels and log them off as necessary.
>
>I haven't had much experience with non-Cisco gear, but for a large
>number of tunnels or remote-access users, I really like the
>Concentrators.
>
>- Dave
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Guyler, Rik
>Sent: Monday, April 16, 2007 4:24 PM
>To: 'cisco@groupstudy.com'; ccielab@groupstudy.com
>Subject: OT: VPN device opinion
>
>I'm replacing the entire edge network for my organization later this
>year
>and need an opinion from the group.
>
>I have several dozen IPSec VPN tunnels to vendors that terminate
>currently
>on a 3660 router running 12.2T code. While I love using routers for VPN
>work due to their excellent flexibility, I find that managing a large
>number
>of connections is cumbersome and awkward. The inability to nest ACLs or
>create object groups makes the config (from the CLI) just crazy to work
>around in.
>
>I do have the latest version of Cisco Security Manager but don't have it
>up
>and running yet (waiting on the server) to see just how well it can
>manage
>my VPN router. If it's anything like VMS was then I won't likely use it
>for
>managent.
>
>Here are my possible alternatives:
>
>1) Stay with the plan of replacing the 3660 with a pair of 3845s running
>IPSec SSO, etc. and use CSM to manage it
>
>2) Replacing the 3660 with a pair of ASAs instead of the 3845s and use
>CLI,
>CSM or something else to manage it
>
>Either way, I can work through the hassle of it the way it is but I have
>others on my team that are not so comfortable with the CLI so I really
>want
>to use some other type of managent interface for their benefit.
>
>Any advice or opinion on the subject greatly appreciated!
>
>Rik
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:36 ART