I need to setup VPNs to about 2000 sites. Each site will have an IDSL line installed that will be used to connect to monitor network devices and servers. Some of the remote networks will be using the same network block. I am looking to know what the best hardware to use on each end is. On my end, would it be better to use a PIX or a 3030? On the remote end, I was looking at a PIX 501, SOHO 91 or the 831?
If you are looking for a box on which to terminate multiple VPN tunnels, the concentrator is the device that you should opt for. Though the PIX can handle multiple VPN tunnels (numbers depend on model) it is primarily focussed on perimeter security. If I were you, for the centeral site I would have both the PIX and the concentrator. The concentrator would act as the tunnel endpoint for the VPN tunnels while the PIX would handle internet traffic which is not IPSec tunneled. This design is necessary considering that the site you are protecting is the all important centeral hub. Also, such a design is important from the scalability point of view and will solve a lot of throughput issues that you might run into otherwise. For the remote sites, a PIX by itself should be sufficient provided that the number of tunnels being terminated is not too high. Specifically, wrt the 501, the maximum number of concurrent VPN peers allowed are 5 and maximum throughput is 10Mbps/6Mbps/3Mbps (unencrypted/DES/3DES).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :