I usually deal with LAN/WAN issues but have very little experience with designing VPN's. I would like to know if I have the right idea or if there is a better solution to be designed.
There is an HQ with two remote offices. The remote offices have 10-20 people each with little to no growth planned and each have different firewall solutions. The HQ has 40-50 people with tremendous growth expected and a PIX 515E. The IT manager would like site-to-site VPN's for the remote offices and remote access VPN's for travelers. His biggest concern is speed across the site-to-site tunnels.
Place a VPN 3005 Concentrator behind the PIX at the HQ and 800 series routers with VPN and Firewall feature sets at the remotes.
Does this look adequate? Any other recommendations?
Solved! Go to Solution.
Thanks for the response.
I was thinking of using a VPN concentrator since I need to terminate two tunnels and remote access VPN's. I thought they might tax the PIX.
I also thought about just buying two 501's for the remote sites and upgrading the 515. It would be cost effective but do you think the 515's performance would suffer with all those tunnels?
How many tunnels are you looking at ? I think the 515 should handle all these tunnels with a VAC. You wouldnt need another concentrator. BTW r u using the 515 or 515 E. If 515, then suggest moving to 515E as it is EOS
2 site-to-site tunnels and say 10 to 20 remote access VPN's at any given time. Would this level of use require a VAC?
You have PIX at the HQ? So why do you need 3005? PIX is enought. For remote offices, it is up to you, also you can think about PIX'es 501 or 506
Thanks for your response. We have established that a concentrator is not necessary and the existing equipment should suffice with the addition of a 501 at the remote sites.