Dreytek 2600 vs Cisco PIX 500

Discussion in 'Cisco' started by Simon Watson, Sep 21, 2004.

  1. Simon Watson

    Simon Watson Guest

    Hi Guys

    My Client has currently Pix 506 & 501's at their remote sites and are
    looking to setup IPSEC VPN tunnels between the remote site (using xdsl) and
    the central site that has a PIX 515.

    They have Five other sites that they want to connect to the main site via
    VPN, but they have been informed that instead of buying Pix 500's they
    should buy DreyTek 2600 ADSL routers for the remote sites as they are a
    fraction of the cost of a PIX & they can support 16 VPN tunnels.

    Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and disuade
    them from buying these instead of PIX's. Do anyone knows of any performance
    issues with these Dreytek boxes.

    Thanks

    Simon.
     
    Simon Watson, Sep 21, 2004
    #1
    1. Advertising

  2. In article <sMK3d.3869$>,
    Simon Watson <> wrote:
    :My Client has currently Pix 506 & 501's at their remote sites and are
    :looking to setup IPSEC VPN tunnels between the remote site (using xdsl) and
    :the central site that has a PIX 515.

    xDSL is not often used for point-to-point, so these sites are on the
    Internet, right? Even if they only ever want to communicate between
    the client's sites, and never want those remote sites to be able to
    surf or kazaa or whatever, they have full Internet connections, no?


    :They have Five other sites that they want to connect to the main site via
    :VPN, but they have been informed that instead of buying Pix 500's they
    :should buy DreyTek 2600 ADSL routers for the remote sites as they are a
    :fraction of the cost of a PIX & they can support 16 VPN tunnels.

    ADSL routers... ummm, they might handle VPN tunnels, but how well do they
    handle security? How well can they be configured to keep out intruders,
    and to automatically open security pinholes on an as-needed basis?
    Are they "statefull packet inspection" (SPI), to use the current
    marketting term? And if they are, what protocols are they SPI for?

    Do they have decent syslog-able logs that can be used to trace
    connections, whether legit or intrusion? If one of the workstations
    cannot get through to somewhere, are the logs detailed enough to figure
    out what is going on? If you have initial trouble with the IPSec connection,
    does it have good debug features to allow you to track the connection
    progress? And when your IPSec connection gets jammed (as it -will- at
    some point), can you get at enough of the state to figure out what is
    stuck?

    Can the DreyTek's be configured by pushing in new text-based configs,
    so that you can do sensible remote config management? Can you do useful
    snmp monitoring of them?


    I'm not saying that DreyTek is weak in any of these areas: I'm suggesting
    these as topics of comparison. I tend not to expect very much of inexpensive
    ADSL "routers".
    --
    Inevitably, someone will flame me about this .signature.
     
    Walter Roberson, Sep 21, 2004
    #2
    1. Advertising

  3. Simon Watson

    paul blitz Guest

    We are seriously considering a Draytek 2600 series device for a remote new
    site.

    Why?

    1) user friendly web interface
    2) easy to understand, step-by-step docs (which include notes for setting up
    VPSns to Pix, MicroSoft VPN servers etc)
    3) I've heard good things from other companies using them for VPNs from home
    users
    4) price

    If you are a die-hard cisco engineer, then you'll be able to set up a pix in
    your sleep. The rest of us mere mortals have problems, and the Draytek seems
    orders of magnitude easier to set up.

    The Draytek 2600 has inbuilt ADSL, inbuilt stateful-inspection firewall,
    NAT, VPN. Ok, maybe the firewall side is possibly NOT quite as good as a Pix
    (of course, it COULD be better!), but for most uses, is that really likely
    to be a major issue?


    paul

    "Simon Watson" <> wrote in message
    news:sMK3d.3869$...
    > Hi Guys
    >
    > My Client has currently Pix 506 & 501's at their remote sites and are
    > looking to setup IPSEC VPN tunnels between the remote site (using xdsl)

    and
    > the central site that has a PIX 515.
    >
    > They have Five other sites that they want to connect to the main site via
    > VPN, but they have been informed that instead of buying Pix 500's they
    > should buy DreyTek 2600 ADSL routers for the remote sites as they are a
    > fraction of the cost of a PIX & they can support 16 VPN tunnels.
    >
    > Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and

    disuade
    > them from buying these instead of PIX's. Do anyone knows of any

    performance
    > issues with these Dreytek boxes.
    >
    > Thanks
    >
    > Simon.
    >
    >
     
    paul blitz, Sep 21, 2004
    #3
  4. Simon Watson

    paul blitz Guest

    > xDSL is not often used for point-to-point, so these sites are on the
    > Internet, right?


    A *LOT* of people are using ADSL for business links... in many cases, it
    works VERY well, and is very cost-effective. As long as it is done
    *intelligently*, and they accept that SOME ADSL link may NOT be suitable (eg
    due to local congestion)

    > Even if they only ever want to communicate between
    > the client's sites, and never want those remote sites to be able to
    > surf or kazaa or whatever, they have full Internet connections, no?


    ....And, as you say, gives a local internet connection too


    > ADSL routers... ummm, they might handle VPN tunnels, but how well do they
    > handle security? How well can they be configured to keep out intruders,
    > and to automatically open security pinholes on an as-needed basis?


    Take a look at one of the Draytek sites, you might be suprised at what these
    boxes include. Main site is at www.draytek.co.tw, you'll find local sites
    linked.

    > Are they "statefull packet inspection" (SPI), to use the current
    > marketting term? And if they are, what protocols are they SPI for?


    Indeed they are.

    > Do they have decent syslog-able logs that can be used to trace
    > connections, whether legit or intrusion?


    I believe they do.

    > Can the DreyTek's be configured by pushing in new text-based configs,
    > so that you can do sensible remote config management?


    For this sort of config, I think you'll find the web interface is quite
    adequate

    > Can you do useful snmp monitoring of them?


    Yes, snmp is on the feature list... but, lets be honest, in *small*
    businesses, how many bother with snmp monitoring? Not many in my experience!

    > I'm not saying that DreyTek is weak in any of these areas: I'm suggesting
    > these as topics of comparison. I tend not to expect very much of

    inexpensive
    > ADSL "routers".


    Very valid things to look at. I started looking at Draytek for home use (to
    replace a USR 8003, which also has staeful inspection firewall, but has a
    web interface that is even LESS comprehensible than a cisco... and no useful
    docs either) and was amazed at the features included for the price. At some
    point I was visiting a customer, who had loads of them installed for home
    workers, and they were very impressed with them, how reliable they seemed to
    be, and how simple they were to install & configure.

    Lets be brutally honest: cisco kit is excellent kit - if you understand it -
    but a lot of the low end stuff is very dated, where the opposition have
    leaped ahead in user-interface improvements etc.

    I end by saying I have NOTHING at all to do with Draytek. We have several
    cisco products at work... but are seriously considering a Draytek as it
    seems to do what we want, and a very good price.



    Paul Blitz
    Centia
    England
     
    paul blitz, Sep 21, 2004
    #4
  5. Simon Watson

    Simon Watson Guest

    Thanks for your input

    "paul blitz" <> wrote in message
    news:415006ab$0$20250$...
    > We are seriously considering a Draytek 2600 series device for a remote new
    > site.
    >
    > Why?
    >
    > 1) user friendly web interface
    > 2) easy to understand, step-by-step docs (which include notes for setting

    up
    > VPSns to Pix, MicroSoft VPN servers etc)
    > 3) I've heard good things from other companies using them for VPNs from

    home
    > users
    > 4) price
    >
    > If you are a die-hard cisco engineer, then you'll be able to set up a pix

    in
    > your sleep. The rest of us mere mortals have problems, and the Draytek

    seems
    > orders of magnitude easier to set up.
    >
    > The Draytek 2600 has inbuilt ADSL, inbuilt stateful-inspection firewall,
    > NAT, VPN. Ok, maybe the firewall side is possibly NOT quite as good as a

    Pix
    > (of course, it COULD be better!), but for most uses, is that really likely
    > to be a major issue?
    >
    >
    > paul
    >
    > "Simon Watson" <> wrote in message
    > news:sMK3d.3869$...
    > > Hi Guys
    > >
    > > My Client has currently Pix 506 & 501's at their remote sites and are
    > > looking to setup IPSEC VPN tunnels between the remote site (using xdsl)

    > and
    > > the central site that has a PIX 515.
    > >
    > > They have Five other sites that they want to connect to the main site

    via
    > > VPN, but they have been informed that instead of buying Pix 500's they
    > > should buy DreyTek 2600 ADSL routers for the remote sites as they are a
    > > fraction of the cost of a PIX & they can support 16 VPN tunnels.
    > >
    > > Has anyone used the Dreyteks ?? I'm trying to dig up dirt to try and

    > disuade
    > > them from buying these instead of PIX's. Do anyone knows of any

    > performance
    > > issues with these Dreytek boxes.
    > >
    > > Thanks
    > >
    > > Simon.
    > >
    > >

    >
    >
     
    Simon Watson, Sep 22, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    9
    Views:
    3,466
    Walter Roberson
    Nov 18, 2003
  2. Fatman Superstar

    Cisco 837 > Pix > 2600

    Fatman Superstar, Nov 16, 2003, in forum: Cisco
    Replies:
    0
    Views:
    479
    Fatman Superstar
    Nov 16, 2003
  3. hoser
    Replies:
    2
    Views:
    1,027
    hoser
    Apr 15, 2005
  4. Dave
    Replies:
    2
    Views:
    907
  5. Replies:
    2
    Views:
    848
Loading...

Share This Page