«

Hi everybody,

I am researching VPN options for my company that would allow us to
connect our branch office with another branch. From what I saw VPN can
be configured on Cisco Routers and Cisco PIX and ASA firewalls (this
does not seem to be possible on any switch platform - right?)

What are the advantages of configuring the VPN on a firewall vs a router
then (or the other way around)? Would I gain anything by doing it on a
firewall rather than router (or vice versa)? What is the recommended
approach?

Can the VPN be configured on a firewall if the other site terminates it
on a router? Does it make any difference?

Thanks,
AL

On 29 Mar, 17:04, "a...@op.pl" <a...@op.pl> wrote:
> Hi everybody,
>
> I am researching VPN options for my company that would allow us to
> connect our branch office with another branch. From what I saw VPN can
> be configured on Cisco Routers and Cisco PIX and ASA firewalls (this
> does not seem to be possible on any switch platform - right?)

Yes. Well, except of course you can plug firewalls into
the 6500 (7600?) maybe others.

> What are the advantages of configuring the VPN on a firewall vs a router
> then (or the other way around)? Would I gain anything by doing it on a
> firewall rather than router (or vice versa)? What is the recommended
> approach?

If you want a full featured firewall you should consider the Pix,
If not router is OK. I don't really know much about pix really.

> Can the VPN be configured on a firewall if the other site terminates it
> on a router? Does it make any difference?

They interoperate. IPSEC is a Standard and interoperation,
even between manufacturers, is very good.

In all cases check the encryption throughput of the
platform under consideration. Additional crypto offload
modules are available for the routers which increase the
performance considerably. AIM-VPN modules.
Even as standard most routers have significant
crypto performance without the extra module.


http://www.cisco.com/en/US/prod/coll...ata_Sheet.html

bod43 wrote:
> In all cases check the encryption throughput of the
> platform under consideration. Additional crypto offload
> modules are available for the routers which increase the
> performance considerably. AIM-VPN modules.
> Even as standard most routers have significant
> crypto performance without the extra module.
>
>
> http://www.cisco.com/en/US/prod/coll...ata_Sheet.html
>
Thanks bod43. This is helpful.

On 30 Mar, 00:57, "a...@op.pl" <a...@op.pl> wrote:
> bod43 wrote:
> > In all cases check the encryption throughput of the
> > platform under consideration. Additional crypto offload
> > modules are available for the routers which increase the
> > performance considerably. AIM-VPN modules.
> > Even as standard most routers have significant
> > crypto performance without the extra module.

Re:- "most routers" - most is not quite correct.
All of the current routers 850/70, 1800, 2800, 3800 (and
presumably 880/60) include crypto offload modules with
significant crypto performance.

For some reason cisco often make (or allow that) hard
performance numbers quite tough to find using the
search tools. They are in there - keep searching