I have had experience in a number of good VPN projects in the UK, all using Cisco stuff, either;
1. PIX 515 UR's
2. Cisco 1720's
3. Cisco VPN 3015 Concentrator
The largest project I have installed was for a 150 user online stockbroker with central server farms in the UK and Sweden, and remote users dialling in from all around the world.
The key thing here is to make sure you get the ISP right. If you are doing an intercontinental VPN of ANY type you must choose a decent business to business ISP, the same for all your connections (both static and dialup). Make sure this ISP has got exceptional (i.e Terabit upwards) ATM connections between continents. This will ensure a decent connection speed, and no matter what equipment you choos, you need that.
In regards to equipment, the VPN 3015 is the most outstanding box I've seen to date, although I have not yet looked at the VPN 5000. I've also not compared it against something like the Checkpoint VPN -1. The PIX is very good also, particularly the 520, but configuration can be a real pain, if you do it via the command lien, whereas the 3015 has an EXCELLENT HTML interface. I wouldn't personally bother with Cisco IOS VPNs because they mean you have to fork out for a dedicated box which will be more than you need. However configuring routing protocols to work with the VPN is easier I suppose.
In terms of managment, this will depend really upon the choice of hardware. The Cisco ACS is pretty good for what you want 'though. Depending upon your LAN, you may want to look at decent 3rd part Tacacs or RADIUS server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :