05-06-2003 02:12 PM - edited 03-02-2019 07:09 AM
I want to set up my main site to connect to all child sites located on the internet through VPN tunnels. I have about 60 child sites, and their circuit speeds range from 128K to a full T-1. My main site connection to the internet is a T-1. I want to set up a 3DES IPSEC VPN tunnel from my main site to all child sites, like a star topology. What router is recommended for such a setup that will handle all the tunnels? 3600? 3700? 7XXX? All child sites have 2621 routers, which shouldn't be a problem running one VPN tunnel on. Is there a formula out there to calculate the number of tunnels on each router, to see the capacity on the main router site? Should I get a separate VPN card for the router?
Please advise, and thanks in advance
Tony
05-06-2003 05:45 PM
I'm not going to make a hardware recommendation but I will recommend not putting all your eggs in one basket. 60 sites should dictate that redundancy is required.
05-06-2003 05:49 PM
Hi Tony
Just been back from a CVPN course but hopefully I'll be able to give you a good answer.
1. The 3600 I believe is now considered to be EOL.
2. The 3700 is a replacement for the 3600. I don't know whether the 3700 takes a VPN accelerator card but I believe it should do. In the courseware, it is recommended to use 7200 for VPN connectivity where the 7200 is at the central site. It is also recommended that you'll use a VPN accelerator card to greatly enhance VPN performance.
3. The course was concentrated on using the Cisco 3000 VPN concentrator for VPN connections. This is one piece of hardware specifically designed for VPNs and it will be able to work with your other 2620 child site routers. This is my personal recommendation instead of using a 7200 router. I think that you might find that the top-end 3000 concentrator will cost you less than a VPN 7200 router. Don't forget that you'll also have to purchase the appropriate VPN software on the router.
So my recommendation is to use the concentrator instead of the 7200. With 60 child sites, I think that either a mid-range or a high-end concentrator will easily do the job. Good luck.
05-09-2003 03:24 PM
I use a Cisco 3005 VPN Concentrator (the smallest in the line) and currently terminate about 30 3DES tunnels on this plus end user sessions. I plan to add a second unit and set them up in a clustered configuration for load balancing and redundancy (this is a built-in functionality). These units are pretty inexpensive so unless you are in need of a new high-end router at your core, I would suggest going with the VPN Concentrator.
Hope this helps.
Justin Loucks
05-12-2003 07:00 AM
Thanks for your feedback!
02-14-2012 11:59 PM
Hi.
I'm planning to set up the same case as the thread starter.
I will then map the IPsec tunnels to certain VRFs.
7200 is not recommended here? Why?
Also any good documentation for this?
thanks
02-15-2012 06:43 PM
If your main site is only going to have a single T1 (which seems undersized for 60 sites with up to T1s too), a small 2800 or 2900 router should be able to handle 60 tunnels (or perhaps one tunnel using DMVPN).
If you think it's possible you'll upgrade your hub's WAN bandwidth, that will be what you need to size for.
I believe the 2621 has a (default) built-in crypto module, so they might struggle with even a T1 doing 3DES.
If your IOS supports it, would recommend AES over 3DES.
PS:
You could also consider not encrypting your tunnels. How likely is someone to intercept your tunnel traffic, or spoof it in such a way they gain entry into your network?
02-17-2012 03:08 AM
Joseph,
OP's thread is 9 years old ...
That explains a lot