Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
4
Replies

2600, 1720 vs. VPN, it's drivin' me crazy, PLEASE help!

yucheng-zhao
Level 1
Level 1

‎04-22-2002 02:38 AM - edited ‎02-21-2020 11:42 AM

Hi, we''re going to design a enterprise-wide VPN network for our own company.

we have 1 central site(A) and 2 branch(B,C) site, some small remote offices and mobile workers. we plan to implement site-to-site for A, B and C, ie, we connected A,B,C together,logically(Not a hub-and-spoke topology, instead, i guess we should call it a full-mesh). we hope that by this design, each site can have VPN access to any other site. Due to the budget constaint, and given the number of users at each site, we choose to deploy a 2651 VPN bundle at site A, 2611 VPN bundle at site B, and a 1720 at Site C.

and now we got the following questions:

1.We want the 2651 to provide VPN access for all the mobile users and remote offices with cisco VPN client, or MS windows vpn client. is it possible for 2651 to do this, i mean, does 2651 support remote access vpn application naturally? or do we have to install an extra software like Cisco ''easy vpn server'' on 2651, or other software i don''t konw about? and if 2651 do support remote access vpn, is it tricky for 2651 to perform user authentication for both site-to-site and remote access vpn users?

2.can 1720 accept VPN connection requests initiated from other VPN sites, say, Site A, or B. or we should install a Easy vpn server? or this kind of solution can''t work at all.

3.is it ok to use 26XX like this in this kind of VPN deployment environment? (it kinda serve as a head-end vpn router in the design, while it is suggested in cisco's solution that 26XX should be used at branch, use a 36XX or 76XX at the central office as a head-end instead). Due to the buget issue, we can''t afford a 3600 or 7100...

we have little experience in implementing a VPN network, so pleeeas help out. or offer us some alternatives, Thanx a lot!

Labels:
0 Helpful
4 Replies 4

0sgruttadauria
Level 1
Level 1

‎04-22-2002 12:03 PM

1. It is possible for the 2651 to terminate client tunnels, but you really want to use an external authenticator, such as RADIUS, to authenticate. Your clients should use the Cisco VPN client software. The box can terminate both client and gateway tunnels simultaneously, with no additional software.

2. The remote 1720's can accept tunnel requests from each other, or any other IPSEC device without additional software. Just set up a tunnel per Cisco documentation.

3. the 26xx is fine, depending on the amount of traffic. You will have to check Cisco documentation to determine the number of tunnels supported. If you want high volume, use a 71xx series router.

0 Helpful

yucheng-zhao
Level 1
Level 1
In response to 0sgruttadauria

‎04-22-2002 05:12 PM

Thanx for your help, really appreciate it. You cleared my doubts & saved my day :)

BTW, i've got a trivial question:

can 26XX /17XX support M$ windows embeded VPN software clients?

Thanx in advance.

0 Helpful

fmadar
Level 1
Level 1
In response to yucheng-zhao

‎04-23-2002 05:24 AM

It dependes on IOS version. Take a look at

http://www.cisco.com/warp/customer/707/cmatrix.shtml

0 Helpful

yucheng-zhao
Level 1
Level 1
In response to fmadar

‎04-24-2002 02:29 AM

Thanx, this link's been a great help to me :)

0 Helpful
Customers Also Viewed These Support Documents