We are a retail organization, and are planning on using a VPN over the Internet to communicate with our stores. We currently have about 1100 stores across North America. We are planning to use 1720 routers in each store. I'd like some help on a number of aspects of the design:
1: Authentication - shared secrets don't seem to scale, but a CA may have administrative overhead. What should we use? What has been done? What lessons can you share?
2: The data center - We are planning on using redundant 3030 VPN concentrators. Is this the best choice? Is it better than 7140s?
3: Acquisition & rollout - How did you stage this volume of routers? How did you ensure the config was accurate? Did you do it remotely?
4: Management - How valuable is CiscoWorks in a space like this? What can it do? Manage authentication? IOS revs? How critical is out-of-band management?
Thanks,
Conrad