VPN : AdvanceIPService router and Concentrator 3000 series

Discussion in 'Cisco' started by dt1649651@yahoo.com, Jun 1, 2005.

  1. Guest

    If talking only about VPN features, are there any difference between a
    router with advipservicesk9-mz and a 3000-series concentrator ? Is
    there any VPN protocol that one supports and the other does not ?

    Thanks for your advice,

    DT
     
    , Jun 1, 2005
    #1
    1. Advertising

  2. Hi DT,

    The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    stuff won't. Cisco also considers the 3000 series their most feature
    rich box for IPSec remote access VPNs. The fact that the 3000 supports
    SSL VPN now is a big enough selling point for me. It's nice to be able
    to do both on the same box.

    Cheers,
    Spencer Teran

    wrote:
    > If talking only about VPN features, are there any difference between a
    > router with advipservicesk9-mz and a 3000-series concentrator ? Is
    > there any VPN protocol that one supports and the other does not ?
    >
    > Thanks for your advice,
    >
    > DT
    >
     
    Spencer Teran, Jun 1, 2005
    #2
    1. Advertising

  3. Richard Deal Guest


    > The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    > stuff won't. Cisco also considers the 3000 series their most feature
    > rich box for IPSec remote access VPNs. The fact that the 3000 supports
    > SSL VPN now is a big enough selling point for me. It's nice to be able
    > to do both on the same box.
    >


    Actually, that's not true anymore. As of some 12.3(x)T, the IOS does, Also,
    the new ASA also supports SSL VPNs. However, in both the latter cases, the
    support is very minimal and the 3000 concentrator has more features. When it
    comes to site-to-site connections, though, I would stick with routers for
    scalability, using DMVPN. I'm working on a book with Cisco Press right now
    that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across of
    Cisco's most-used VPN platforms: concentrators, routers, and security
    appliances, as well as some hardware and software clients.

    Cheers!
    Richard
     
    Richard Deal, Jun 1, 2005
    #3
  4. Guest

    Richard Deal wrote:
    > > The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    > > stuff won't. Cisco also considers the 3000 series their most feature
    > > rich box for IPSec remote access VPNs. The fact that the 3000 supports
    > > SSL VPN now is a big enough selling point for me. It's nice to be able
    > > to do both on the same box.
    > >

    >
    > Actually, that's not true anymore. As of some 12.3(x)T, the IOS does, Also,
    > the new ASA also supports SSL VPNs. However, in both the latter cases, the
    > support is very minimal and the 3000 concentrator has more features. When it
    > comes to site-to-site connections, though, I would stick with routers for
    > scalability, using DMVPN. I'm working on a book with Cisco Press right now
    > that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across of
    > Cisco's most-used VPN platforms: concentrators, routers, and security
    > appliances, as well as some hardware and software clients.


    I hope your book will be released soon. I am reading your book "Cisco
    Router Firewall Security" amd it really helps me.

    DT
     
    , Jun 1, 2005
    #4
  5. Guest

    Spencer Teran wrote:
    > Hi DT,
    >
    > The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    > stuff won't. Cisco also considers the 3000 series their most feature
    > rich box for IPSec remote access VPNs. The fact that the 3000 supports
    > SSL VPN now is a big enough selling point for me. It's nice to be able
    > to do both on the same box.
    >


    Spencer, thanks for mentioning about SSL VPN or WebVPN. I just read an
    article from Cisco and you know, it addresses exactly the problem I
    just talked with my boss this morning : one some customers that need
    access to our server, their IT staff may refuse to install the VPN
    Client software.

    I think I can ask for a Concentrator 3000 to solve this problem :)

    DT
     
    , Jun 2, 2005
    #5
  6. Guest

    Richard Deal wrote:
    > > The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    > > stuff won't. Cisco also considers the 3000 series their most feature
    > > rich box for IPSec remote access VPNs. The fact that the 3000 supports
    > > SSL VPN now is a big enough selling point for me. It's nice to be able
    > > to do both on the same box.
    > >

    >
    > Actually, that's not true anymore. As of some 12.3(x)T, the IOS does, Also,
    > the new ASA also supports SSL VPNs. However, in both the latter cases, the
    > support is very minimal and the 3000 concentrator has more features. When it
    > comes to site-to-site connections, though, I would stick with routers for
    > scalability, using DMVPN. I'm working on a book with Cisco Press right now
    > that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across of
    > Cisco's most-used VPN platforms: concentrators, routers, and security
    > appliances, as well as some hardware and software clients.
    >


    Could you please give more details on which features of SSL VPN have on
    the Concentrator but not on the IOS ?

    I have a customer that already has a 2800-series router and do not know
    if the SSL VPN that supports on the newer IOS is good enough for them
    or whether they need to get a concentrator.

    Thanks,

    DT
     
    , Jun 2, 2005
    #6
  7. Hi Richard,

    Thanks for the heads up. I was unaware that IOS had support for SSL
    VPNs. I'll have to try it out. In any case I've been very pleased with
    the 3000 series for both IPSec client-to-site and SSL. I most certainly
    agree that IOS and PIX both offer better support for site-to-site VPNs.

    Cheers,
    Spencer Teran

    Richard Deal wrote:
    >>The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS
    >>stuff won't. Cisco also considers the 3000 series their most feature
    >>rich box for IPSec remote access VPNs. The fact that the 3000 supports
    >>SSL VPN now is a big enough selling point for me. It's nice to be able
    >>to do both on the same box.
    >>

    >
    >
    > Actually, that's not true anymore. As of some 12.3(x)T, the IOS does, Also,
    > the new ASA also supports SSL VPNs. However, in both the latter cases, the
    > support is very minimal and the 3000 concentrator has more features. When it
    > comes to site-to-site connections, though, I would stick with routers for
    > scalability, using DMVPN. I'm working on a book with Cisco Press right now
    > that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across of
    > Cisco's most-used VPN platforms: concentrators, routers, and security
    > appliances, as well as some hardware and software clients.
    >
    > Cheers!
    > Richard
    >
    >
     
    Spencer Teran, Jun 2, 2005
    #7
  8. Richard Deal Guest

    <> wrote in message
    news:...
    > Richard Deal wrote:
    > > > The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the

    IOS
    > > > stuff won't. Cisco also considers the 3000 series their most feature
    > > > rich box for IPSec remote access VPNs. The fact that the 3000

    supports
    > > > SSL VPN now is a big enough selling point for me. It's nice to be

    able
    > > > to do both on the same box.
    > > >

    > >
    > > Actually, that's not true anymore. As of some 12.3(x)T, the IOS does,

    Also,
    > > the new ASA also supports SSL VPNs. However, in both the latter cases,

    the
    > > support is very minimal and the 3000 concentrator has more features.

    When it
    > > comes to site-to-site connections, though, I would stick with routers

    for
    > > scalability, using DMVPN. I'm working on a book with Cisco Press right

    now
    > > that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across

    of
    > > Cisco's most-used VPN platforms: concentrators, routers, and security
    > > appliances, as well as some hardware and software clients.
    > >

    >
    > Could you please give more details on which features of SSL VPN have on
    > the Concentrator but not on the IOS ?
    >
    > I have a customer that already has a 2800-series router and do not know
    > if the SSL VPN that supports on the newer IOS is good enough for them
    > or whether they need to get a concentrator.
    >

    One that comes to the top of my head is new in 4.7 of the 3000s; it supports
    an SSL java-based client that is downloaded from the 3000 to the user's
    desktop. Much more secure and much more control over user's access,
    including NAC. The IOS and ASA support is similar to what you would get on
    the concentrator in 4.1. But 4.7 adds quite a few new features that I think,
    for a medium-size deployment, makes it a no-brainer as to which to use. I
    would only use the router or ASA for a handful of SSL VPN users where IPSec
    isn't an option.

    Hope that helps!

    Cheers!
    Richard
     
    Richard Deal, Jun 3, 2005
    #8
  9. Guest

    Richard Deal wrote:
    [...]
    > One that comes to the top of my head is new in 4.7 of the 3000s; it supports
    > an SSL java-based client that is downloaded from the 3000 to the user's
    > desktop. Much more secure and much more control over user's access,
    > including NAC. The IOS and ASA support is similar to what you would get on
    > the concentrator in 4.1. But 4.7 adds quite a few new features that I think,
    > for a medium-size deployment, makes it a no-brainer as to which to use. I
    > would only use the router or ASA for a handful of SSL VPN users where IPSec
    > isn't an option.
    >


    Thanks, Richard. I just ordered a 3005. Will have a chance to try that
    nice feature.

    DT
     
    , Jun 4, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Heath Roberts
    Replies:
    1
    Views:
    757
    BradReeseCom
    Feb 3, 2005
  2. Eitan
    Replies:
    0
    Views:
    533
    Eitan
    Mar 5, 2006
  3. =?ISO-8859-2?Q?Krzysiek_Kali=F1ski?=

    Problems with VPN Concentrator 3000 series

    =?ISO-8859-2?Q?Krzysiek_Kali=F1ski?=, Jun 24, 2006, in forum: Cisco
    Replies:
    0
    Views:
    554
    =?ISO-8859-2?Q?Krzysiek_Kali=F1ski?=
    Jun 24, 2006
  4. Replies:
    1
    Views:
    982
    James
    Aug 22, 2006
  5. Heath Roberts
    Replies:
    0
    Views:
    695
    Heath Roberts
    Oct 27, 2006
Loading...

Share This Page