VPN Termination on Routers Vs on Firewalls or VPN Concentrators

Unanswered Question
Feb 12th, 2007


Talking about terminating VPN on routers versus on security devices like ASA or VPN concentraors, I think performance wise, teminating VPN on specialized device would give better result. What do you think?

Please tell what pros and cons would each option have over the other one.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dominic.caron Mon, 02/12/2007 - 14:24


The vpn3000 is going EOS so dont go there. The concentrator is a good box for remote access IPSec vpn.

The router platform is a good box to do lan to lan vpn tunnel since you can take advantage of the routing features. It's not really nice to configure for remote access.

Pix was not really good in anything.

The ASA is the platform a choice for future remote access. It's the replacement for vpn3000 and can do IPsec and SSL at a decent rate.

haithamnofal Tue, 02/13/2007 - 11:26


So, if I would like to implement a site-to-site VPN what is more preferred and secure to implement the VPN on the router itself or on the ASA?

How is the ASA better than the PIX in VPN? I am talking here about PIX OS ver 7.x, or is there HW enahancement in the ASA that is not there in the PIX?




This Discussion