Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to Site VPN Hardware recommendations

Hi Guys,

We have an small office in India (20 users) which we would like to connect to our WAN in the uk. (We have a PIX 501 that we were going to use on our side)

They have an ADSL connection with a static IP, what I would like to know is what cisco devices you guys would recommend to buy them so that they can connect to us. We were thinking of buying the Cisco 878 but it can only do 10 IPSEC tunnels and we will need about 18 simultaneous tunnels to connect to all diffrent branches in the UK.

Ideally we would have liked 1 cisco device that can make the ADSL connection as well as connect to our PIX 501 with about 18 IPSEC Tunnels, but if thats not possible what would be the best way forward?

Sorry not a very technical question

Regards

Paul

11 REPLIES

Re: Site to Site VPN Hardware recommendations

Paul,

Ideally I would have thought that you would want to only connect from India to 1 site in the UK "the Hub" - then the "Hub" would distibute your traffic out to the other sites in the UK. Essentially have a Data Center in the UK. All remote sites would connect into this Data Center?

Also considerations are:-

ADSL pipe Size

Bandwdith Usage

Applications - bursty or continious

As the above will determine, thruput - which is important, as I would imaging the users in India will also use the internet, so you need to think about the amount of traffic a device can handle, and of course how much it can encrypt/decrypt = total encrypted thruput etc.

HTH.

Re: Site to Site VPN Hardware recommendations

As an update to the above, the Pix 501:-

Cleartext throughput: Up to 60 Mbps

Concurrent connections: 7,500

56-bit DES IPsec VPN throughput: Up to 6 Mbps

168-bit 3DES IPsec VPN throughput: Up to 3 Mbps

128-bit AES IPsec VPN throughput: Up to 4.5 Mbps

Simultaneous VPN peers: 10*

* Maximum number

10-User License

The Cisco PIX 501 10-user license supports up to 10 concurrent source IP addresses from

your internal network to traverse through the Cisco PIX 501. The integrated DHCP server

supports up to 32 DHCP leases. As your needs grow, both 50 user and unlimited user

upgrade licenses are available, allowing you to extend your investment in Cisco PIX 501

equipment.

50-User License

The Cisco PIX 501 50-user license supports up to 50 concurrent source IP addresses from

your internal network to traverse through the Cisco PIX 501. The integrated DHCP server

supports up to 128 DHCP leases. As your needs grow, a 50-to-unlimited user upgrade

license is also available, allowing you to further extend your investment in Cisco PIX 501

equipment.

Unlimited User License

The PIX 501 unlimited user license supports an unlimited number of devices from your

internal network to traverse through the Cisco PIX 501. The integrated DHCP server

supports up to 256 DHCP leases.

3DES/AES and DES Encryption Licenses

The Cisco PIX 501 Security Appliance has two optional encryption licenses-one license

(PIX-501-VPN-3DES) enables 168-bit 3DES and up to 256-bit AES encryption, the other

license (PIX-VPN-DES) enables 56-bit DES encryption. Both are available either at the time

of ordering the Cisco PIX 501 Security Appliance, or can be obtained subsequently through

Cisco.com. Note that an encryption license must be installed to activate encryption services

which are required before

I think if you want a small cost effective firewall - the perhaps the 506:-

Cleartext throughput: Up to 100 Mbps

Concurrent connections: 25,000

56-bit DES IPSec VPN throughput: Up to 20 Mbps

168-bit 3DES IPSec VPN throughput: Up to 16 Mbps

128-bit AES IPSec VPN throughput: Up to 30 Mbps

256-bit AES IPSec VPN throughput: Up to 25 Mbps

Simultaneous VPN peers: 25*

* Maximum number

With no limit on the number of inside ip addresses.

HTH.

New Member

Re: Site to Site VPN Hardware recommendations

Thans for that Andrew,

I was thinking of the PIX 501 with the 50 user license which should be enough for that office. My question is which router do I get to make the ADSL connection as we want to buy everything in the UK and then ship it over to be installed.

Will the Cisco 1801 not be able to everything that we want in this scenario ?

And yes basically the India office would be connecting to our data center in the UK.

Thanks

Re: Site to Site VPN Hardware recommendations

Paul,

The 18xx series for VPN's:-

IPSec and VPN

Integrated Hardware-Based

Encryption

On motherboard

Encryption Support in Hardware

DES, 3DES, AES 128, AES 192, AES 256

IPSec Tunnels Supported 50

IPSec VPN Performance 40 Mbps 3DES @ 1400 byte packets

Cisco IOS Firewall Performance

100 Mbps @ 1400 byte packets

Specifically the 1801:-

ADSL Digital Subscriber Line Access Multiplexer (DSLAM) Interoperability

The Cisco 1801 is interoperable

DSLAMs:

• Cisco 6130 and Cisco 6260 IP DSL switches

• Alcatel (ASAM 1000 and 7300)

• Lucent Stinger (24- and 72-port line cards)

• ECI HiFocus (16- and 32-port line cards [Anaconda support])

HTH.

New Member

Re: Site to Site VPN Hardware recommendations

Why use the Pix devices when they are already scheduled for End of Sale, etc? I far prefer the ASA 5505 device to the Pix 501 anyway, more granular control, better GUI (ASDM), and longer support life.

Just my 3.14 cents,

C

Re: Site to Site VPN Hardware recommendations

A very good point - and my reply would be :-

A 501 with 50 user in the UK is about £320.0

A 5505 with VPN/Firewall bundle is about £1500.0

When someone else is counting the beans - they make the choice!!

:o)

New Member

Re: Site to Site VPN Hardware recommendations

A 5505 is 1500 pounds sterling?! At the current exchange rate that means a 5505 would be nearly $3000 in US Dollars?

I get that device for about $500 here in the US of A, are we talking apples and oranges, or is Cisco equipment really that expensive in Europe?

Just curious,

Carl

Re: Site to Site VPN Hardware recommendations

Ahh the joy of buying from a local US company! Yes - it really is that price.... :o(

New Member

Re: Site to Site VPN Hardware recommendations

WOW, I had no idea! Your comment on using the Pix 501 or other device over the ASA 5505 really makes sense now. I wonder what drives the price up so high across the pond?

Re: Site to Site VPN Hardware recommendations

Tell you what - the next time I need to get a cisco device, I will shoot you an email and see if I can get it cheaper thru you!!

I can tell you - the more pair of hands the products go thru, the more the price rises. Cisco only deal with partners & resellers, not direct.

If I could buy direct - I would!

New Member

Re: Site to Site VPN Hardware recommendations

We buy from a partner too, albeit a large one who gets really good discounts. I wonder if there are really high Value Added Taxes or other tariffs placed on Cisco gear in Europe that are driving the price up.

408
Views
0
Helpful
11
Replies
CreatePlease to create content