Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
4
Replies

vpn encryption

learnsec
Level 1
Level 1

‎08-18-2014 12:57 AM

Hello, Would you please advise the difference between an encrypted tunnel between two cisco routers ( crypto map namex 1 ipsec-isakmp; ....) and a vpn site to site between two cisco firewalls? And which one u would prefer and why :) ! BR,
Labels:
0 Helpful
4 Replies 4

Peter Long
Level 1
Level 1

‎08-18-2014 06:47 AM

Your question is a little vague?

Do you mean what's the different mehods of setup? of how do the tunnels differ? The tunnles DO NOT differ if they use the same VPN policy at both ends.

But to setup an IPEC tunnel on both platforms see the following links;

Cisco Router - Configure Site to Site IPSEC VPN

Cisco ASA 5500 Site to Site VPN (From CLI)

Pete

 

0 Helpful

zeuscyril
Level 4
Level 4

‎08-18-2014 07:01 AM

there are different kind of VPN methods in that If you are using IPSEC vpn the both are same , means router and firewall.

 

but router has some different method of doing the VPN like DMVPN and GRE over IPSEC and GET VPN.

so it depends what kind of VPN are you going to Use.

 

but the encryption wise all are same.

 

cyril

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to zeuscyril

‎08-18-2014 08:22 AM

It seems to me that the original question was fairly straightforward and asked for comparison of IPSec tunnel configured between routers and between firewalls. I believe that the question was asking about implementing equivalent technologies on each platform and for that question I agree with previous answers that the results come out about the same. Given a choice I would prefer to do the site to site IPSec VPN on the router. I feel that the tools to manage and to troubleshoot the VPN are somewhat better on the router than on the firewall.

 

If we consider a slightly different version of the question and ask about implementing site to site VPN on routers and on firewalls without specifying the equivalent technology on each then I believe that we get a significantly different answer. The firewall has one way of implementing the site to site tunnel while the router gives us quite a few options. On the router we can do the traditional IPSec encryption (with no tunnel interface) and we can also do the GRE tunnel with IPSec encryption (using crypto map etc). We can also implement VTI for site to site VPN with the tunnel protection profile and also have options for GET VPN, and DMVPN. With these other technologies we also have the ability to run a routing protocol over the site to site VPN and the firewall does not give us this option. So in the more general form of the question I would prefer to do site to site VPN on the router because it gives so many more options to choose.

 

HTH

 

Rick

HTH

Rick
0 Helpful

learnsec
Level 1
Level 1
In response to Richard Burts

‎08-21-2014 11:22 AM

Thank you all guys for ur answers, i think to what i am looking for both are ok but i am looking for preference. As the tunnel is between 2 companies i would prefer it between two firewalls especially i am not looking for other options like gre or others... Thus What option would you take assuming that a router and a firewall are already present on both sides for different reasons.. Maybe the firewall as a peer can help for better mgt like nat0, or building a kind of vpn peer profile for my company, or maybe benefit from the state-full fail-over we can implement on redundant firewalls. Maybe it is better to reformulate my question to ask is there a kind of standard for establishing vpn site to site between companies? :) Br,
0 Helpful
Customers Also Viewed These Support Documents