Re: What is the fastest VPN enabled Firewall Router that Cisco m
Hmrn... Router, not PIX?
The 7206VXR/NPE-300 with dual ISA's (Integrated Service Adapters) and/or NSE-1. Use the ISA's to hardware accelerate your IPSEC or PPTP/MPPE encryption. Use the NSE-1 to hardware accelerate your CEF, NAT, NetFlow, QoS, tunnels, and by using turbo ACLs. Get IP/FW/IDS software if you need CBAC or additional firewall features.
The 7576 dual RSP8 and/or VIP4-80's. Only distributes CEF, CAR, NetFlow, QoS, std, ext, named, or turbo access-lists, and GRE tunnels, however -- not NAT, IPSEC encryption, or other security technologies. Get IP/FW/IDS software if you need CBAC or additional firewall features.
If you are doing heavy IPSEC/L2TP and PPTP/MPPE (both), along with heavy CBAC configurations, I would probably go with Opt 1.
If you are doing heavy ACLs with CAR, Opt 2 gives you DCAR and distributed ACL capabilities. Across 5 or 6 VIP cards, this would be pretty fast, if you aggregate correctly.
I would guess Opt 1 is for more static topologies, and Opt 2 assumes a highly aggressive aggregation scheme.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...