«

Hi there!

I just wanted to get some advice.

I have to set up 10 dial-up-VPNs (IPSec) to our corporate network. The
available Hardware Platform is a Juniper NS5GT with which I have no
experience at all.
On the other hand I could use a Cisco ASA Appliance (probably the 5505).

So could you please give me some pros and cons about the two systems? I
would really appreciate it.

Thanks....Andy

P.S. I have some Cisco experience (CCNA Level)

* Andreas Heinzelmann wrote:
> So could you please give me some pros and cons about the two systems? I
> would really appreciate it.

Choose the system you can work with. Your Cisco IOS experience is not that
helpful on ASA, but it might cut down the learning step.

Andreas Heinzelmann <> wrote:
> Hi there!
>
> I just wanted to get some advice.
>
> I have to set up 10 dial-up-VPNs (IPSec) to our corporate network. The
> available Hardware Platform is a Juniper NS5GT with which I have no
> experience at all.
> On the other hand I could use a Cisco ASA Appliance (probably the 5505)..

The 5GT might be just a bit too small for the task, since the standard
license only gives you 10 tunnels to work with. So if you plan to expand
on the number of tunnels in the near future you either need an extended
license for the box, or a bigger box with higher limits.

The 5GTs basically come in 3 flavors:

License Users Sessions Tunnels
10-user 10 2000 10
Plus unlim 2000 10
Extd. unlim 4000 25

("get license" on the cli will get you the license and limits on the box)

If you plan to do granular acls you might also hit the 5GT limit of 100
acls.

> So could you please give me some pros and cons about the two systems? I
> would really appreciate it.

Myself, I find the PIX syntax somewhat arcane and unintuitive. YMMV
though. The Netscreens are IMHO straight forward to configure. But as
Lutz wrote, use the box you can work with best _and_ that fits the
requirements.

> Thanks....Andy

Ciao Chris
--
All diese Momente werden verloren sein in der Zeit, so wie Tränen im Regen
Dipl-Ing (FH) Christian 'Dr. Disk' Hechelmann <> IRC: DrDisk
GPG Fingerprint: 53BF634B 28326F92 79651A15 F84ABB55 4F068E4E
Ich finde, scharfe Waffen und "Feuer nach eigenem Ermessen" sollte zum
Adminjob dazugehören. [Lars Marowsky-Bree in d.a.s.r]

writes:
>Andreas Heinzelmann <> wrote:
>> Hi there!
>>=20
>> I just wanted to get some advice.
>>=20
>> I have to set up 10 dial-up-VPNs (IPSec) to our corporate network. The
>> available Hardware Platform is a Juniper NS5GT with which I have no
>> experience at all.
>> On the other hand I could use a Cisco ASA Appliance (probably the 5505)=
>.

>The 5GT might be just a bit too small for the task, since the standard
>license only gives you 10 tunnels to work with. So if you plan to expand
>on the number of tunnels in the near future you either need an extended
>license for the box, or a bigger box with higher limits.

FWIW: dialup VPNs don't usually use tunnels in Netscreen terminology.
The 10 tunnel limit is more along the lines of site-to-site VPNs.

I usually use up the limited session counts on the 5GT before anything else.