Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   IPSec VPN and adsl routers (http://www.velocityreviews.com/forums/t379508-ipsec-vpn-and-adsl-routers.html)

jas0n 10-31-2006 11:49 PM

IPSec VPN and adsl routers
 
We use XP SP2 clients with Cisco vpn client software v4.01.

Remote sites are usally setup with a Cisco 837 adsl router, either setup
with box-box vpn to head office or as a standard nat'd router if it is
shared with others not from our company. When setup as nat'd router the
remote users each use the vpn client software to connect back to head
office.

We are starting to have a lot of small 1-3 man remote sites wich are
temporary in nature and dont warrant the cost/setup of an 837.

The problem we are finding is with basic routers not supporting more
than 1 vpn client connection back to head office - as far as I can find
out the 837's allow upto 10 concurrent vpn sessions.

I am trying to understand the marketing babble to find the cheaper basic
routers that will support more of these type of vpn's.

So, using a cisco client software connection which is setup for ipsec
over udp what is the correct terminology when looking for a router that
supports multiple concurrent sessions of this type?

I am looking for something that supports approx 5-8 which would cover
most, if not all of these smaller sites.


Uli Link 11-01-2006 01:06 PM

Re: IPSec VPN and adsl routers
 
jas0n schrieb:
> We use XP SP2 clients with Cisco vpn client software v4.01.
>
> Remote sites are usally setup with a Cisco 837 adsl router, either setup
> with box-box vpn to head office or as a standard nat'd router if it is
> shared with others not from our company. When setup as nat'd router the
> remote users each use the vpn client software to connect back to head
> office.
>
> We are starting to have a lot of small 1-3 man remote sites wich are
> temporary in nature and dont warrant the cost/setup of an 837.
>
> The problem we are finding is with basic routers not supporting more
> than 1 vpn client connection back to head office - as far as I can find
> out the 837's allow upto 10 concurrent vpn sessions.
>
> I am trying to understand the marketing babble to find the cheaper basic
> routers that will support more of these type of vpn's.
>
> So, using a cisco client software connection which is setup for ipsec
> over udp what is the correct terminology when looking for a router that
> supports multiple concurrent sessions of this type?
>
> I am looking for something that supports approx 5-8 which would cover
> most, if not all of these smaller sites.
>


If the IPsec is done by the clients instead of the router you can use a
Soho97 instead of the 837. The main difference is the lack of 3DES
hardware encryption, you don't need, if encryption is done client-side.

--
Uli

stephen 11-01-2006 09:18 PM

Re: IPSec VPN and adsl routers
 
"Uli Link" <VonRechts.NachLinks@usenet.arcornews.de> wrote in message
news:45489bc3$0$30316$9b4e6d93@newsspool1.arcor-online.net...
> jas0n schrieb:
> > We use XP SP2 clients with Cisco vpn client software v4.01.
> >
> > Remote sites are usally setup with a Cisco 837 adsl router, either setup
> > with box-box vpn to head office or as a standard nat'd router if it is
> > shared with others not from our company. When setup as nat'd router the
> > remote users each use the vpn client software to connect back to head
> > office.
> >
> > We are starting to have a lot of small 1-3 man remote sites wich are
> > temporary in nature and dont warrant the cost/setup of an 837.
> >
> > The problem we are finding is with basic routers not supporting more
> > than 1 vpn client connection back to head office - as far as I can find
> > out the 837's allow upto 10 concurrent vpn sessions.


Try using TCP encap on the VPN link (only done this on VPN 3ks, so may not
be directly applicable).

each translation on the NAT router should be kept separate as they are
different TCP links.

only drawback is that if perf really drops off for a user, it doesnt recover
very quickly.
> >
> > I am trying to understand the marketing babble to find the cheaper basic
> > routers that will support more of these type of vpn's.
> >
> > So, using a cisco client software connection which is setup for ipsec
> > over udp what is the correct terminology when looking for a router that
> > supports multiple concurrent sessions of this type?


"Cisco" ? :)
> >
> > I am looking for something that supports approx 5-8 which would cover
> > most, if not all of these smaller sites.
> >

>
> If the IPsec is done by the clients instead of the router you can use a
> Soho97 instead of the 837. The main difference is the lack of 3DES
> hardware encryption, you don't need, if encryption is done client-side.
>
> --
> Uli

--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl




All times are GMT. The time now is 05:31 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.