Cisco VPNs

Discussion in 'Cisco' started by Michael Williams, Mar 19, 2006.

  1. I am looking for a VPN solution with 1500 site-to-site connections.

    The 3030 seems the obvious choice, but the PIX 515e with an accelerator card
    seems to fit the bill at less than half the price.

    Any thoughts?
     
    Michael Williams, Mar 19, 2006
    #1

  2. In article <RViTf.70467$%>,
    Michael Williams <> wrote:
    >I am looking for a VPN solution with 1500 site-to-site connections.


    >The 3030 seems the obvious choice, but the PIX 515e with an accelerator card
    >seems to fit the bill at less than half the price.


    How did you plan to manage the authentication?

    Would user attributes be important? e.g., per-user
    or per-group ACLs? Downloadable ACLs?

    Will the users be using you to proxy to the internet, or will
    you be doing split-tunneling for them, or will you be refusing them
    access to anything other than your internal resources while they are
    connected to you?

    To what extent is "clientless" VPN (SSL) important to you?
     
    Walter Roberson, Mar 19, 2006
    #2

  3. Clientless VPN's not a requirement, nor is routing between sites. Only
    communication between the main site servers and the remote sites is a
    requirement. No external internet is required.

    Authentication will be done through pre-shared keys, probably with a pix501
    as endpoints. The separate management of these endpoints is not a
    requirement.


    "Walter Roberson" <> wrote in message
    news:QAkTf.159302$sa3.73116@pd7tw1no...
    > In article <RViTf.70467$%>,
    > Michael Williams <> wrote:
    >>I am looking for a VPN solution with 1500 site-to-site connections.

    >
    >>The 3030 seems the obvious choice, but the PIX 515e with an accelerator
    >>card
    >>seems to fit the bill at less than half the price.

    >
    > How did you plan to manage the authentication?
    >
    > Would user attributes be important? e.g., per-user
    > or per-group ACLs? Downloadable ACLs?
    >
    > Will the users be using you to proxy to the internet, or will
    > you be doing split-tunneling for them, or will you be refusing them
    > access to anything other than your internal resources while they are
    > connected to you?
    >
    > To what extent is "clientless" VPN (SSL) important to you?
     
    Michael Williams, Mar 19, 2006
    #3
  4. In article <8zlTf.40026$>,
    Michael Williams <> top-posted [now re-arranged]:

    >"Walter Roberson" <> wrote in message
    >news:QAkTf.159302$sa3.73116@pd7tw1no...
    >> In article <RViTf.70467$%>,
    >> Michael Williams <> wrote:
    >>>I am looking for a VPN solution with 1500 site-to-site connections.


    >>>The 3030 seems the obvious choice, but the PIX 515e with an accelerator
    >>>card
    >>>seems to fit the bill at less than half the price.


    >Clientless VPN's not a requirement, nor is routing between sites. Only
    >communication between the main site servers and the remote sites is a
    >requirement. No external internet is required.


    >Authentication will be done through pre-shared keys, probably with a pix501
    >as endpoints.


    The documented limit for the PIX 515/515E is 2000 VPN peers.
    In practice this limit would probably depend greatly on throughput
    and memory use; and complexity of the ACLs (unless you use turbo ACLs,
    which use a fair bit of memory.)

    The documented limit for a maxed-out 3030 Concentrator is 1500 VPN peers
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/netbr09186a00801f0a72.html
    Thus if you are approaching 1500 then you may wish to go into the 3060.

    Have you considered the Cisco ASA 5540 with VPN Plus? 2000 VPN peers
    and better packet inspection (e.g., anti-virus) than the PIX?


    Sorry, I do not have any experience with the VPN Concentrator series --
    nor any experience with 515E's pushed towards their peer limit.
     
    Walter Roberson, Mar 20, 2006
    #4
