Scalable retail VPN

cschellenberg
Level 1

We are a retail organization, and are planning on using a VPN over the Internet to communicate with our stores. We currently have about 1100 stores across North America. We are planning to use 1720 routers in each store. I'd like some help on a number of aspects of the design:

1: Authentication - shared secrets don't seem to scale, but a CA may have administrative overhead. What should we use? What has been done? What lessons can you share?

2: The data center - We are planning on using redundant 3030 VPN concentrators. Is this the best choice? Is it better than 7140s?

3: Acquisition & rollout - How did you stage this volume of routers? How did you ensure the config was accurate? Did you do it remotely?

4: Management - How valuable is Ciscoworks in a space like this? What can it do? Manage authentication? IOS revs? How critical is out of band management?

Thanks,

Conrad

1 Reply

j-block
Level 4

CAs are very scalable for your situation. 3030s are okay but for 11k clients you might look at the 5000 series instead. Keep the encryption off your 7140s if you can help it. In your environment, a dedicated concentrator is a better plan. That should help a little.