cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
521
Views
0
Helpful
6
Replies

Best Cisco IOS device to terminate VPNS

Matthew burnley
Level 1
Level 1

Hey all,

 

I have a requirement for 2 Cisco devices that support GRE to sit in front of our firewalls in a datacentre, Each Router will terminate encrypted GRE tunnels running OSPF.  there are 5 remote offices with 2 GRE tunnels per office.  So each router needs to be able to terminate 12 encrypted GRE tunnels each.

 

The ASA does not support GRE - What kind of other Cisco hardware can i use to terminate these VPNS?  It needs to be able to encrypt/decrypt 100Mbps of traffic.  Will i need a VPN accelerator card of some sort?

 

 

Many thanks.

 

Matt

6 Replies 6

It depends on the platform if you need a dedicated crypto card. For your requirement I would look at the 4331 with performance license or at the 4351.

Hi Karsten,

 

Thanks for your input.  It does not say what kind of VPN processing capabilities these routers have in the specs?  Would i need a dedicated VPN module to handle the encryption/decryption for traffic  running through 6 gre tunnels simultaneously?

 

I was looking at cheaper options for the branch offices, would say a 3825 with the following module be sufficient?  Do we know what how much vpn traffic this module will handle?

  1 x AIM-VPN/SSL-3  Module

Hi Matthew,

 

You can go for any of the AIM modules for 1800,2800 or 3800 series router.

 

http://www.cisco.com/c/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/data_sheet_vpn_aim_for_18128003800routers.html

 

User AES-128 rather than 3DES.  3DES and other flavors of AES are more CPU intensive.

 

Regards,

Puneesh

Please rate helpful posts

I'm considering these for the DC's.

 

Cisco Small Business ISR4431/K9 Router 4 x 10/100/1000Mbps LAN Ports

 

Any idea how much for the SEC license and then the HSEC license?  Cant find any info anywhere on cost?  Anyone have any ideas at all?

The list-price for the SEC-bundle with HSEC-license is $14500, without SmartNet support. So you will probably pay something about $10k/$11k per box with SmartNet. But better ask your preferred reseller for exact prices.

For ISR G1, just be aware that these are EOS and don't support modern cryptography. And the 1800 and probably even the bigger 2800 are too slow for your needs.

The 4300 don't need any additionally crypto-hardware.

If you want to go for used equipment better go for a ISR G2 like a 3900. These routers are still supported and run recent crypto.