Cisco Support Community
Community Member

Scalable retail VPN

We are a retail organization, and are planning on using a VPN over the Internet to communicate with our stores. We currently have about 1100 stores across North America. We are planning to use 1720 routers in each store. I'd like some help on a number of aspects of the design:

1: Authentication - shared secrets don't seem to scale, but a CA may have administrative overhead. What should we use? What has been done? What lessons can you share?

2: The data center - We are planning on using redundant 3030 VPN concentrators. Is this the best choice? Is it better than 7140s?

3: Acquisition & rollout - How did you stage this volume of routers? How did you ensure the config was accurate? Did you do it remotely?

4: Management - How valuable is CiscoWorks in a space like this? What can it do? Manage authentication? IOS revs? How critical is out-of-band management?



Community Member

Re: Scalable retail VPN

CAs are very scalable for your situation. 3030s are okay but for 11k clients you might look at the 5000 series instead. Keep the encryption off your 7140s if you can help it. In your environment, a dedicated concentrator is a better plan. That should help a little.
