I have been assigned the task of deploying a VPN for our company. To be honest with you, I know very little about VPNs and have been doing some research to try to get up to speed. We have a Cat 5000 connected to a 7200 which connects to our PIX, then the PIX connects to a 2500 which goes out of a CSU and connects to a local ISP. I need to connect 12 different sites through the VPN. I looked into an Altiga C30 and C60 but found out that they were used for remote users. I'm actually looking to go from LAN to LAN. What would you recommend for hardware and what would be the best way to config this?
We usually go with 2 Cisco routers running IPSEC VPN software for site-to-site VPNs, but often our customers need firewalling capabilities as well. In those cases we either get the IOS firewall feature set for the routers too or we use PIX firewalls.
We use a router at one site and a PIX at the headquarters. We also use VPN client software on some of the salespeople's notebooks.
Well, I have the same task to implement a VPN. What I designed was using a 3620 connected to the outside interface of the PIX 515, whose inside interface is connected to the backbone switch. Now my remote clients will be running VPN client software. Right now I have only one full T1, but I might need to increase my bandwidth since I will have some remote offices. I know the 3620 is not that scalable, but what I need to know is about the PIX 515. Now, I have not really grasped the concept of concentrators. With not more than 150 remote users, will this implementation work? And even if I have 2 more full T1s, can I continue with the 3620? My other question is for remote offices: can I use DSL there so that they don't use my network bandwidth for internet, but only to use internal resources?
The VPN 3000 Concentrator (formerly Altiga) series works great for LAN-to-LAN and remote-user VPNs. Currently have multiple 3000 units performing both functions. The boxes are easy to configure.
You can also terminate your LAN-to-LAN VPNs into the PIX or a host router at the main site. During initial rollout I had about 3-5 sites terminating into a 3640. Obviously, with the 3640, scalability was an issue, but it does work.
Overall I think that the best solution for the main site would be the VPN 3000 unit and use the appropriate router at the remote site, dependent on encrypted throughput requirements.