2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!
Hi, we're going to design an enterprise-wide VPN network for our own company.
We have 1 central site (A) and 2 branch sites (B, C), some small remote offices and mobile workers. We plan to implement site-to-site for A, B and C, i.e., we connect A, B and C together logically (not a hub-and-spoke topology; instead, I guess we should call it a full mesh). We hope that with this design, each site can have VPN access to any other site. Due to the budget constraint, and given the number of users at each site, we chose to deploy a 2651 VPN bundle at site A, a 2611 VPN bundle at site B, and a 1720 at site C.
And now we have the following questions:
1. We want the 2651 to provide VPN access for all the mobile users and remote offices with the Cisco VPN client or the MS Windows VPN client. Is it possible for the 2651 to do this, I mean, does the 2651 support remote access VPN applications natively? Or do we have to install extra software like Cisco "Easy VPN Server" on the 2651, or other software I don't know about? And if the 2651 does support remote access VPN, is it tricky for the 2651 to perform user authentication for both site-to-site and remote access VPN users?
2. Can the 1720 accept VPN connection requests initiated from other VPN sites, say, site A or B? Or should we install an Easy VPN Server? Or can this kind of solution not work at all?
3. Is it OK to use the 26XX like this in this kind of VPN deployment environment? (It kinda serves as a head-end VPN router in the design, while it is suggested in Cisco's solution that the 26XX should be used at the branch, and a 36XX or 76XX used at the central office as a head-end instead.) Due to the budget issue, we can't afford a 3600 or 7100...
We have little experience in implementing a VPN network, so pleeease help out, or offer us some alternatives. Thanx a lot!
Re: 2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!
1. It is possible for the 2651 to terminate client tunnels, but you really want to use an external authenticator, such as RADIUS, to authenticate. Your clients should use the Cisco VPN client software. The box can terminate both client and gateway tunnels simultaneously, with no additional software.
2. The remote 1720s can accept tunnel requests from each other, or any other IPsec device, without additional software. Just set up a tunnel per Cisco documentation.
3. The 26xx is fine, depending on the amount of traffic. You will have to check Cisco documentation to determine the number of tunnels supported. If you want high volume, use a 71xx series router.