Recommendation for a local VPN hub

Unanswered Question
Jun 14th, 2007

I just found out that we are bringing on two more employees, both of whom will be working from their homes (they live in Los Angeles, CA, home office is in Spokane, WA).

We will be putting a local PC and Cisco IP Phone at each of their homes, and traditionally we have been using a PIX 501 and a VPN tunnel to accomplish the connectivity. We have three other employees already set up like this.

Because of the additional employees, I am going to be getting the funding for a new "hub" VPN device here at the main office and I want to do it right and move the current VPN users over to it as well (we are currently using a NetGear VPN router and it has reached its capacity). I was planning on using an ISR router with Cisco IOS Firewall to do the IPSEC VPNs, but I would like to know if the NetPro community has any suggestions on whether or not that would be a good idea or what would be a better solution.

We will need to give the remote users access to multiple subnets here at the main office, and would like their Internet access to bypass the tunnel and leave from their remote devices to cut down on traffic.

I hope I have provided enough information, my mind is reeling from the prospect of my network growing very quickly. :)

Thanks for any and all suggestions you can provide,

Chris

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
insbannis_j Fri, 06/15/2007 - 07:57

Hi Chris,

I think some important questions need answering here...

- How many users in total will be connecting through the VPN Hub?

- As you are experiencing growth now, what are the predictions for addition users over the next few years (say 1 - 3)?

- What sort of throughput is required?

- Are there any other services required through the device i.e is it going to be a gateway firewall at the hub site?

- Are you comfortable with IOS, PIX, ASA etc configurations? or willing to learn ;o)

I think with these questions answered the Netpro community could recommend something.

Regards,

Justin

olighec Fri, 06/15/2007 - 09:35

Thanks for your reply,

There will be between 8 and 10 IPSEC VPN tunnels initially, and it could grow to 20-25 depending on other factors in the future.

In addition, I would like to use SSL VPN to replace our PPTP dial-in VPN connections. There are generally between 5 and 10 of those connected at a time.

Throughput shouldn't be a problem because we will be limited by the T1 incoming Internet feed.

This device will be for VPN termination only, all other services are handled by a 2821 ISR.

I am infinitely more familiar and comfortable with IOS configuration than I am with PIX, and I haven't had any experience with ASA.

I have my eye on an 1841 ISR security bundle right now, and it looks like it can handle everything I'm looking for, with the possible exception of SSL VPN.. I do not know if it supports that or what other licenses I would need to get that support.

Thanks,

Chris

Actions

This Discussion