Best Hardware to use?

rfinnesey · ‎08-09-2003

I need to setup VPN’s to about 2000 sites. Each site will have an IDSL line installed that will be used to connect to monitor network devices and servers. Some of the remote networks will be using the same network block. I am looking to know what the best hardware to use on each end is. On my end, would it be better to use a PIX or a 3030? On the remote end, I was looking at a PIX 501, SOHO 91 or the 831?

Thank you

Ryan

drolemc · ‎08-14-2003

If you are looking for a box on which to terminate multiple VPN tunnels, the concentrator is the device that you should opt for. Though the PIX can handle multiple VPN tunnels (numbers depend on model) it is primarily focussed on perimeter security. If I were you, for the centeral site I would have both the PIX and the concentrator. The concentrator would act as the tunnel endpoint for the VPN tunnels while the PIX would handle internet traffic which is not IPSec tunneled. This design is necessary considering that the site you are protecting is the all important centeral hub. Also, such a design is important from the scalability point of view and will solve a lot of throughput issues that you might run into otherwise. For the remote sites, a PIX by itself should be sufficient provided that the number of tunnels being terminated is not too high. Specifically, wrt the 501, the maximum number of concurrent VPN peers allowed are 5 and maximum throughput is 10Mbps/6Mbps/3Mbps (unencrypted/DES/3DES).