Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Dreytek 2600 vs Cisco PIX 500

Reply
Thread Tools

Dreytek 2600 vs Cisco PIX 500

 
 
Simon Watson
Guest
Posts: n/a
 
      09-21-2004
Hi Guys

My Client has currently Pix 506 & 501's at their remote sites and are
looking to setup IPSEC VPN tunnels between the remote site (using xdsl) and
the central site that has a PIX 515.

They have Five other sites that they want to connect to the main site via
VPN, but they have been informed that instead of buying Pix 500's they
should buy DreyTek 2600 ADSL routers for the remote sites as they are a
fraction of the cost of a PIX & they can support 16 VPN tunnels.

Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and disuade
them from buying these instead of PIX's. Do anyone knows of any performance
issues with these Dreytek boxes.

Thanks

Simon.


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      09-21-2004
In article <sMK3d.3869$(E-Mail Removed)>,
Simon Watson <(E-Mail Removed)> wrote:
:My Client has currently Pix 506 & 501's at their remote sites and are
:looking to setup IPSEC VPN tunnels between the remote site (using xdsl) and
:the central site that has a PIX 515.

xDSL is not often used for point-to-point, so these sites are on the
Internet, right? Even if they only ever want to communicate between
the client's sites, and never want those remote sites to be able to
surf or kazaa or whatever, they have full Internet connections, no?


:They have Five other sites that they want to connect to the main site via
:VPN, but they have been informed that instead of buying Pix 500's they
:should buy DreyTek 2600 ADSL routers for the remote sites as they are a
:fraction of the cost of a PIX & they can support 16 VPN tunnels.

ADSL routers... ummm, they might handle VPN tunnels, but how well do they
handle security? How well can they be configured to keep out intruders,
and to automatically open security pinholes on an as-needed basis?
Are they "statefull packet inspection" (SPI), to use the current
marketting term? And if they are, what protocols are they SPI for?

Do they have decent syslog-able logs that can be used to trace
connections, whether legit or intrusion? If one of the workstations
cannot get through to somewhere, are the logs detailed enough to figure
out what is going on? If you have initial trouble with the IPSec connection,
does it have good debug features to allow you to track the connection
progress? And when your IPSec connection gets jammed (as it -will- at
some point), can you get at enough of the state to figure out what is
stuck?

Can the DreyTek's be configured by pushing in new text-based configs,
so that you can do sensible remote config management? Can you do useful
snmp monitoring of them?


I'm not saying that DreyTek is weak in any of these areas: I'm suggesting
these as topics of comparison. I tend not to expect very much of inexpensive
ADSL "routers".
--
Inevitably, someone will flame me about this .signature.
 
Reply With Quote
 
 
 
 
paul blitz
Guest
Posts: n/a
 
      09-21-2004
We are seriously considering a Draytek 2600 series device for a remote new
site.

Why?

1) user friendly web interface
2) easy to understand, step-by-step docs (which include notes for setting up
VPSns to Pix, MicroSoft VPN servers etc)
3) I've heard good things from other companies using them for VPNs from home
users
4) price

If you are a die-hard cisco engineer, then you'll be able to set up a pix in
your sleep. The rest of us mere mortals have problems, and the Draytek seems
orders of magnitude easier to set up.

The Draytek 2600 has inbuilt ADSL, inbuilt stateful-inspection firewall,
NAT, VPN. Ok, maybe the firewall side is possibly NOT quite as good as a Pix
(of course, it COULD be better!), but for most uses, is that really likely
to be a major issue?


paul

"Simon Watson" <(E-Mail Removed)> wrote in message
news:sMK3d.3869$(E-Mail Removed)...
> Hi Guys
>
> My Client has currently Pix 506 & 501's at their remote sites and are
> looking to setup IPSEC VPN tunnels between the remote site (using xdsl)

and
> the central site that has a PIX 515.
>
> They have Five other sites that they want to connect to the main site via
> VPN, but they have been informed that instead of buying Pix 500's they
> should buy DreyTek 2600 ADSL routers for the remote sites as they are a
> fraction of the cost of a PIX & they can support 16 VPN tunnels.
>
> Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and

disuade
> them from buying these instead of PIX's. Do anyone knows of any

performance
> issues with these Dreytek boxes.
>
> Thanks
>
> Simon.
>
>



 
Reply With Quote
 
paul blitz
Guest
Posts: n/a
 
      09-21-2004
> xDSL is not often used for point-to-point, so these sites are on the
> Internet, right?


A *LOT* of people are using ADSL for business links... in many cases, it
works VERY well, and is very cost-effective. As long as it is done
*intelligently*, and they accept that SOME ADSL link may NOT be suitable (eg
due to local congestion)

> Even if they only ever want to communicate between
> the client's sites, and never want those remote sites to be able to
> surf or kazaa or whatever, they have full Internet connections, no?


....And, as you say, gives a local internet connection too


> ADSL routers... ummm, they might handle VPN tunnels, but how well do they
> handle security? How well can they be configured to keep out intruders,
> and to automatically open security pinholes on an as-needed basis?


Take a look at one of the Draytek sites, you might be suprised at what these
boxes include. Main site is at www.draytek.co.tw, you'll find local sites
linked.

> Are they "statefull packet inspection" (SPI), to use the current
> marketting term? And if they are, what protocols are they SPI for?


Indeed they are.

> Do they have decent syslog-able logs that can be used to trace
> connections, whether legit or intrusion?


I believe they do.

> Can the DreyTek's be configured by pushing in new text-based configs,
> so that you can do sensible remote config management?


For this sort of config, I think you'll find the web interface is quite
adequate

> Can you do useful snmp monitoring of them?


Yes, snmp is on the feature list... but, lets be honest, in *small*
businesses, how many bother with snmp monitoring? Not many in my experience!

> I'm not saying that DreyTek is weak in any of these areas: I'm suggesting
> these as topics of comparison. I tend not to expect very much of

inexpensive
> ADSL "routers".


Very valid things to look at. I started looking at Draytek for home use (to
replace a USR 8003, which also has staeful inspection firewall, but has a
web interface that is even LESS comprehensible than a cisco... and no useful
docs either) and was amazed at the features included for the price. At some
point I was visiting a customer, who had loads of them installed for home
workers, and they were very impressed with them, how reliable they seemed to
be, and how simple they were to install & configure.

Lets be brutally honest: cisco kit is excellent kit - if you understand it -
but a lot of the low end stuff is very dated, where the opposition have
leaped ahead in user-interface improvements etc.

I end by saying I have NOTHING at all to do with Draytek. We have several
cisco products at work... but are seriously considering a Draytek as it
seems to do what we want, and a very good price.



Paul Blitz
Centia
England


 
Reply With Quote
 
Simon Watson
Guest
Posts: n/a
 
      09-21-2004
Thanks for your input

"paul blitz" <(E-Mail Removed)> wrote in message
news:415006ab$0$20250$(E-Mail Removed). net...
> We are seriously considering a Draytek 2600 series device for a remote new
> site.
>
> Why?
>
> 1) user friendly web interface
> 2) easy to understand, step-by-step docs (which include notes for setting

up
> VPSns to Pix, MicroSoft VPN servers etc)
> 3) I've heard good things from other companies using them for VPNs from

home
> users
> 4) price
>
> If you are a die-hard cisco engineer, then you'll be able to set up a pix

in
> your sleep. The rest of us mere mortals have problems, and the Draytek

seems
> orders of magnitude easier to set up.
>
> The Draytek 2600 has inbuilt ADSL, inbuilt stateful-inspection firewall,
> NAT, VPN. Ok, maybe the firewall side is possibly NOT quite as good as a

Pix
> (of course, it COULD be better!), but for most uses, is that really likely
> to be a major issue?
>
>
> paul
>
> "Simon Watson" <(E-Mail Removed)> wrote in message
> news:sMK3d.3869$(E-Mail Removed)...
> > Hi Guys
> >
> > My Client has currently Pix 506 & 501's at their remote sites and are
> > looking to setup IPSEC VPN tunnels between the remote site (using xdsl)

> and
> > the central site that has a PIX 515.
> >
> > They have Five other sites that they want to connect to the main site

via
> > VPN, but they have been informed that instead of buying Pix 500's they
> > should buy DreyTek 2600 ADSL routers for the remote sites as they are a
> > fraction of the cost of a PIX & they can support 16 VPN tunnels.
> >
> > Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and

> disuade
> > them from buying these instead of PIX's. Do anyone knows of any

> performance
> > issues with these Dreytek boxes.
> >
> > Thanks
> >
> > Simon.
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PWR-2600-AC 2600 power supply to switch over a DC router? dehusk@gmail.com Cisco 2 08-09-2008 10:47 PM
Dreytek 2600VG Voip ports connections Dave UK VOIP 2 01-11-2006 12:56 PM
PIX log reporting 169.254.126.114/500 dst outside:192.168.100.2/500 hoser Cisco 2 04-15-2005 05:22 PM
stack overflow just because of a double array[500][500]? James C++ 2 11-03-2004 09:05 AM
Cisco 837 > Pix > 2600 Fatman Superstar Cisco 0 11-16-2003 07:03 PM



Advertisments