
Cisco VPNs

 
 
Michael Williams
 
      03-19-2006
I am looking for a VPN solution with 1500 site-to-site connections.

The 3030 seems the obvious choice, but the PIX 515e with an accelerator card
seems to fit the bill at less than half the price.

Any thoughts?



 
 
 
 
 
Walter Roberson
 
      03-19-2006
In article <RViTf.70467$%(E-Mail Removed)> ,
Michael Williams <(E-Mail Removed)> wrote:
>I am looking for a VPN solution with 1500 site-to-site connections.


>The 3030 seems the obvious choice, but the PIX 515e with an accelerator card
>seems to fit the bill at less than half the price.


How did you plan to manage the authentication?

Would user attributes be important? e.g., per-user
or per-group ACLs? Downloadable ACLs?

Will the users be using you to proxy to the internet, or will
you be doing split-tunneling for them, or will you be refusing them
access to anything other than your internal resources while they are
connected to you?

To what extent is "clientless" VPN (SSL) important to you?
 
 
 
 
 
Michael Williams
 
      03-19-2006
Clientless VPN's not a requirement, nor is routing between sites. Only
communication between the main site servers and the remote sites is a
requirement. No external internet is required.

Authentication will be done through pre-shared keys, probably with a pix501
as endpoints. The separate management of these endpoints is not a
requirement.


"Walter Roberson" <(E-Mail Removed)> wrote in message
news:QAkTf.159302$sa3.73116@pd7tw1no...
> In article <RViTf.70467$%(E-Mail Removed)> ,
> Michael Williams <(E-Mail Removed)> wrote:
>>I am looking for a VPN solution with 1500 site-to-site connections.

>
>>The 3030 seems the obvious choice, but the PIX 515e with an accelerator
>>card
>>seems to fit the bill at less than half the price.

>
> How did you plan to manage the authentication?
>
> Would user attributes be important? e.g., per-user
> or per-group ACLs? Downloadable ACLs?
>
> Will the users be using you to proxy to the internet, or will
> you be doing split-tunneling for them, or will you be refusing them
> access to anything other than your internal resources while they are
> connected to you?
>
> To what extent is "clientless" VPN (SSL) important to you?



 
 
Walter Roberson
 
      03-20-2006
In article <8zlTf.40026$(E-Mail Removed)>,
Michael Williams <(E-Mail Removed)> top-posted [now re-arranged]:

>"Walter Roberson" <(E-Mail Removed)> wrote in message
>news:QAkTf.159302$sa3.73116@pd7tw1no...
>> In article <RViTf.70467$%(E-Mail Removed)> ,
>> Michael Williams <(E-Mail Removed)> wrote:
>>>I am looking for a VPN solution with 1500 site-to-site connections.


>>>The 3030 seems the obvious choice, but the PIX 515e with an accelerator
>>>card
>>>seems to fit the bill at less than half the price.


>Clientless VPN's not a requirement, nor is routing between sites. Only
>communication between the main site servers and the remote sites is a
>requirement. No external internet is required.


>Authentication will be done through pre-shared keys, probably with a pix501
>as endpoints.


The documented limit for the PIX 515/515E is 2000 VPN peers.
In practice this limit would probably depend greatly on throughput
and memory use; and complexity of the ACLs (unless you use turbo ACLs,
which use a fair bit of memory.)

The documented limit for a maxed-out 3030 Concentrator is 1500 VPN peers
http://www.cisco.com/en/US/netsol/ns...0801f0a72.html
Thus if you are approaching 1500 then you may wish to go into the 3060.

Have you considered the Cisco ASA 5540 with VPN Plus? 2000 VPN peers
and better packet inspection (e.g., anti-virus) than the PIX?


Sorry, I do not have any experience with the VPN Concentrator series --
nor any experience with 515E's pushed towards their peer limit.
 