This has been in the back of my mind lately, and wanted to float this out there for any input. The company I work for has gone from limited VPN needs to using VPNs for business-critical applications. Our VPN requirements have gone from 2 L2L tunnels and 5-10 end-user connections to 130 L2L tunnels and a growing population of 100+ end-users. Unfortunately... the architecture has been built out with the aging VPN 3005 Concentrator. Looking to the future, I'd like to know what the direction of Cisco VPN strategy is so I'm not budgeting for improper VPN hardware. As I see it now there are a couple options.
- Has the ability to handle both L2L, end-user IPSec and SSL VPN connections. High availability could be done by virtualizing two identical routers with HSRP. Could prove to be messy configuration-wise, but by using IOS this fits nicely into our existing routing infrastructure (internally we route using BGP).
- Seems to be the future of VPN hardware, but it seems to be lacking features. The plusses are extended SSL VPN support and easier high-availability using the failover capabilities of the ASAs. My biggest concern is on the back-end with the routing. The ASAs still do not support BGP and I'm not sure if this will ever be an option. I do see EIGRP was added with v8, and EIGRP operates in a limited part of our routing infrastructure.
Just wanted to hear the direction others are going as the concentrators begin to age, and possibly if anyone knows where Cisco's VPN strategy is heading.