Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Which Router should I use for many VPN Connections?

I want to setup my main site to connect to all child site slocated on the internet through VPN tunnels. I have about 60 child sites, and thier circuit speed range from 128K to a Full T-1. My main site conection to the internet in a T-1. I want setup a 3DES IPSEC VPN Tunnel from my main site to all child sites, like a star toplogy. What router is recommnded for such setup that will handle all the tunnels? 3600? 3700? 7XXX? All child sites have 2621 routers, which shouldn't be a problem running one VPN tunel on. Is there a formula out there to calcultae the number of tunels on each router, to see the capacity on the main router site? Should I get a separate VPN card for the router?

plz advice and thanks in advnace

Tony

7 REPLIES
New Member

Re: Which Router should I use for many VPN Connections?

I'm not going to make a hardware reccommendation but I will reccommend not putting all your eggs in one basket. 60 sites should dictate that redundancy is required.

New Member

Re: Which Router should I use for many VPN Connections?

Hi Tony

Just been back from a CVPN course but hopefully I'll be able to give you a good answer.

1. The 3600 I believe is now considered to be EOL.

2. The 3700 is a replacement for the 3600. I don't know whether the 3700 takes a VPN accelerator card but I believe it should do. In the courseware, it is recommended to use 7200 for VPN connectivity where the 7200 is at the central site. It is also recommended that you'll use a VPN accelerator card to greatly enhance VPN performance.

3. The course was concentrated on using the Cisco 3000 VPN concentrator fr CPN connections. This is one hardware specifically been designed for VPNs and it will be able to work with your other 2620 child sites router. This is my personal recommendation instead of using a 7200 router. I think that you might find that the top-end 3000 concentrator will cost you less than a VPN 7200 router. Don't forget that you'll also have to purchase the appropriate VPN software on the router.

So my recommendation is to use the concentrator instead of the 7200. With 60 child sites, I think that either mid-range to high-end concentrator will easily do the job. Good luck.

New Member

Re: Which Router should I use for many VPN Connections?

I use a Cisco 3005 VPN Concentrator (the smallest in the line) and currently terminate about 30 3DES tunnels on this plus end user sessions. I plan to add a second unit and set them up in a clustered configuration for load balancing and redundancy (this is a built-in functionality). These units are pretty inexpensive so unless you are in need of a new high-end router at your core, I would suggest going with the VPN Concentrator.

Hope this helps.

Justin Loucks

New Member

Re: Which Router should I use for many VPN Connections?

thnxs for your feedback!

ar
New Member

Re: Which Router should I use for many VPN Connections?

Hi.

I'm planning to setup the same case as thread starter.

I will then map the ipsec tunnels to a certain VRFs.

7200 is not recommended here? Why?

Also any good documentation for this?

thanks

Super Bronze

Re: Which Router should I use for many VPN Connections?

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting


If your main site is only going to have a single T1 (which seems undersized for 60 sites with up to T1s too), a small 2800 or 2900 router should be able to handle 60 tunnels (or perhaps one tunnel using DMVPN).

If you think its possible you'll upgrade your hub's WAN bandwidth, that will be what you need to size for.

I believe the 2621 has a (default) built-in crypto module, so they might struggle with even a T1 doing 3DES.

If your IOS supports it, would recommend AES over 3DES.

PS:

You could also consider not encrypting your tunnels.  How likely is someone to intercept your tunnel traffic, or spoof it in such a way they gain entry into your network?

Hall of Fame Super Gold

Re: Which Router should I use for many VPN Connections?

Joseph,

OP's thread is 9 years old ...

That explains a lot

456
Views
0
Helpful
7
Replies