Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

Hi, we''re going to design a enterprise-wide VPN network for our own company.

we have 1 central site(A) and 2 branch(B,C) site, some small remote offices and mobile workers. we plan to implement site-to-site for A, B and C, ie, we connected A,B,C together,logically(Not a hub-and-spoke topology, instead, i guess we should call it a full-mesh). we hope that by this design, each site can have VPN access to any other site. Due to the budget constaint, and given the number of users at each site, we choose to deploy a 2651 VPN bundle at site A, 2611 VPN bundle at site B, and a 1720 at Site C.

and now we got the following questions:

1.We want the 2651 to provide VPN access for all the mobile users and remote offices with cisco VPN client, or MS windows vpn client. is it possible for 2651 to do this, i mean, does 2651 support remote access vpn application naturally? or do we have to install an extra software like Cisco ''easy vpn server'' on 2651, or other software i don''t konw about? and if 2651 do support remote access vpn, is it tricky for 2651 to perform user authentication for both site-to-site and remote access vpn users?

2.can 1720 accept VPN connection requests initiated from other VPN sites, say, Site A, or B. or we should install a Easy vpn server? or this kind of solution can''t work at all. it ok to use 26XX like this in this kind of VPN deployment environment? (it kinda serve as a head-end vpn router in the design, while it is suggested in cisco's solution that 26XX should be used at branch, use a 36XX or 76XX at the central office as a head-end instead). Due to the buget issue, we can''t afford a 3600 or 7100...

we have little experience in implementing a VPN network, so pleeeas help out. or offer us some alternatives, Thanx a lot!

New Member

Re: 2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

1. It is possible for the 2651 to terminate client tunnels, but you really want to use an external authenticator, such as RADIUS, to authenticate. Your clients should use the Cisco VPN client software. The box can terminate both client and gateway tunnels simultaneously, with no additional software.

2. The remote 1720's can accept tunnel requests from each other, or any other IPSEC device without additional software. Just set up a tunnel per Cisco documentation.

3. the 26xx is fine, depending on the amount of traffic. You will have to check Cisco documentation to determine the number of tunnels supported. If you want high volume, use a 71xx series router.

New Member

Re: 2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

Thanx for your help, really appreciate it. You cleared my doubts & saved my day :)

BTW, i've got a trivial question:

can 26XX /17XX support M$ windows embeded VPN software clients?

Thanx in advance.

New Member

Re: 2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

It dependes on IOS version. Take a look at

New Member

Re: 2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

Thanx, this link's been a great help to me :)