Cisco Support Community

New Member

end-to-end VPN solution, is there one?

Has anyone implemented or evaluated an end to end VPN solution?

I am looking for specifics regarding ability to handle remote employees, remote customers and site-to-site VPN design.

I need to also manage the environment (user management, access control, billing and accounting, etc.) from a single workstation.

Does anyone know of a set of products that can handle all of the above?

New Member

Re: end-to-end VPN solution, is there one?

Hi there,

I have had experience in a number of good VPN projects in the UK, all using Cisco stuff, either:

1. PIX 515 UR's

2. Cisco 1720's

3. Cisco VPN 3015 Concentrator

The largest project I have installed was for a 150 user online stockbroker with central server farms in the UK and Sweden, and remote users dialling in from all around the world.

The key thing here is to make sure you get the ISP right. If you are doing an intercontinental VPN of ANY type you must choose a decent business to business ISP, the same for all your connections (both static and dialup). Make sure this ISP has got exceptional (i.e. Terabit upwards) ATM connections between continents. This will ensure a decent connection speed, and no matter what equipment you choose, you need that.

In regards to equipment, the VPN 3015 is the most outstanding box I've seen to date, although I have not yet looked at the VPN 5000. I've also not compared it against something like the Checkpoint VPN-1. The PIX is very good also, particularly the 520, but configuration can be a real pain if you do it via the command line, whereas the 3015 has an EXCELLENT HTML interface. I wouldn't personally bother with Cisco IOS VPNs because they mean you have to fork out for a dedicated box which will be more than you need. However, configuring routing protocols to work with the VPN is easier I suppose.

In terms of management, this will depend really upon the choice of hardware. The Cisco ACS is pretty good for what you want though. Depending upon your LAN, you may want to look at a decent 3rd party TACACS or RADIUS server.

Hope that helps...

George Watts

Cisco Secure Consultant

Modena Systems Ltd, UK.
