Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
2
Replies

Hub site device to terminate 100-200 VPN tunnels ?

ajenks
Level 1
Level 1

‎09-02-2003 10:35 AM - edited ‎02-21-2020 12:45 PM

I have a requirement to select a device to terminate between 100-200 VPN tunnels (approx 30 site-site, remaining client-site) with either CISCO 837 ADSL router or cisco VPN client at the remote end.

I need to be able to support these tunnels in the event of equipment failiure. I don't mind the client-sites having to re-establish a connection, but site-sites (837 router) must be up quickly also.

I am considering 2 options (but open to suggestions). I have been looking at the 3000 concentrators in various configs, but have also noticed the 515e router. It seems I could use a single 515e unrestricted and a 515e failover unit and support up to 2,000 tunnels (don't know what proportion are site-site). This seems a cheaper alternative to multiple 3005's or probably 2 3030's.

My question is what is the difference between these two options, I know the concentrator is a dedicated device but what is the difference in practice ? The concentrators appear to be the more expensive option - is it down to management, configuration, capacity, support for different clients ?

Any information would be gratefully recieved.

Labels:
0 Helpful
2 Replies 2

mike-greene
Level 4
Level 4

‎09-02-2003 04:48 PM

Hi,

My advise would be to go with the 3030's. The question is will all your remote sites need to talk to each other? If so, the only way to do this with a PIX as the headend is to fully mesh all your routers with VPN's and after that there is no need for the PIX. The PIX will not allow traffic to enter an interface and leave the same.

The Concentrator will route between your remote sites like a champ if thats what you want. As far as equipment failure there really is no solution for LANtoLAN connections (not that I've found). VRRP is good but not as good as the Backup LAN to LAN feature when it comes to client to LAN connections.

Here is a couple links on Backup LANtoLAN..

http://www.cisco.com/warp/public/471/ld_bl_vpn3000_7602.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a008015ce26.html

Hope that helps.

0 Helpful

ajenks
Level 1
Level 1
In response to mike-greene

‎09-03-2003 01:46 AM

Thanks for your response. Point noted about routing between VPN sites. Any other issues anyone ?

0 Helpful
Customers Also Viewed These Support Documents