Hub site device to terminate 100-200 VPN tunnels?
I have a requirement to select a device to terminate between 100-200 VPN tunnels (approx 30 site-site, remaining client-site) with either a Cisco 837 ADSL router or Cisco VPN client at the remote end.
I need to be able to support these tunnels in the event of equipment failure. I don't mind the client-sites having to re-establish a connection, but site-sites (837 router) must be up quickly also.
I am considering 2 options (but open to suggestions). I have been looking at the 3000 concentrators in various configs, but have also noticed the 515e router. It seems I could use a single 515e unrestricted and a 515e failover unit and support up to 2,000 tunnels (don't know what proportion are site-site). This seems a cheaper alternative to multiple 3005's or probably 2 3030's.
My question is what is the difference between these two options. I know the concentrator is a dedicated device, but what is the difference in practice? The concentrators appear to be the more expensive option - is it down to management, configuration, capacity, support for different clients?
Re: Hub site device to terminate 100-200 VPN tunnels?
My advice would be to go with the 3030's. The question is will all your remote sites need to talk to each other? If so, the only way to do this with a PIX as the headend is to fully mesh all your routers with VPNs and after that there is no need for the PIX. The PIX will not allow traffic to enter an interface and leave the same.
The Concentrator will route between your remote sites like a champ if that's what you want. As far as equipment failure there really is no solution for LAN-to-LAN connections (not that I've found). VRRP is good but not as good as the Backup LAN to LAN feature when it comes to client to LAN connections.