04-06-2006 11:30 AM - edited 02-21-2020 02:21 PM
I usually deal with LAN/WAN issues but have very little experience with designing VPN's. I would like to know if I have the right idea or if there is a better solution to be designed.
Scenario:
There is an HQ with two remote offices. The remote offices have 10-20 people each with little to no growth planned and each have different firewall solutions. The HQ has 40-50 people with tremendous growth expected and a PIX 515E. The IT manager would like site-to-site VPN's for the remote offices and remote access VPN's for travelers. His biggest concern is speed across the site-to-site tunnels.
My solution:
Place a VPN 3005 Concentrator behind the PIX at the HQ and 800 series routers with VPN and Firewall feature sets at the remotes.
Does this look adequate? Any other recommendations?
Solved! Go to Solution.
04-10-2006 08:39 PM
No I dont think so. This should be fine for the 515 alone.
04-07-2006 11:25 AM
Nobody has input? Would this even work?
04-08-2006 07:56 AM
Well why do you need a VPN concentrator. You can terminate the tunnels on the PIX515 itself.
04-08-2006 10:18 AM
Thanks for the response.
I was thinking of using a VPN concentrator since I need to terminate two tunnels and remote access VPN's. I thought they might tax the PIX.
I also thought about just buying two 501's for the remote sites and upgrading the 515. It would be cost effective but do you think the 515's performance would suffer with all those tunnels?
04-09-2006 06:18 AM
How many tunnels are you looking at ? I think the 515 should handle all these tunnels with a VAC. You wouldnt need another concentrator. BTW r u using the 515 or 515 E. If 515, then suggest moving to 515E as it is EOS
04-10-2006 07:08 AM
2 site-to-site tunnels and say 10 to 20 remote access VPN's at any given time. Would this level of use require a VAC?
Thanks again,
Chris
04-10-2006 08:39 PM
No I dont think so. This should be fine for the 515 alone.
04-11-2006 05:17 AM
Thanks for the assistance!
04-10-2006 10:28 PM
Hi,
You have PIX at the HQ? So why do you need 3005? PIX is enought. For remote offices, it is up to you, also you can think about PIX'es 501 or 506
04-11-2006 05:16 AM
Thanks for your response. We have established that a concentrator is not necessary and the existing equipment should suffice with the addition of a 501 at the remote sites.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide