02-07-2010 05:00 AM
Hi,
We have near about 40 branches & looking for the VPN connectivity over Internet to HO and DR site to access the servers. Being the financial institute security is concerned.
So deliverable solution can be below :
1) Configuring IPSec between Cisco Router and Cisco vpn client for windows
2) Configuring IPSec between PIX and Cisco vpn client for windows
3) Configuring IPSec between Cisco VPN cncentrator and Cisco vpn client for windows
Which would be the best solution as per the security concerned, Please comment.
Regards,
Nilesh
02-07-2010 11:36 AM
nilesh_sawant wrote:
Hi,
We have near about 40 branches & looking for the VPN connectivity over Internet to HO and DR site to access the servers. Being the financial institute security is concerned.
So deliverable solution can be below :
1) Configuring IPSec between Cisco Router and Cisco vpn client for windows
2) Configuring IPSec between PIX and Cisco vpn client for windows
3) Configuring IPSec between Cisco VPN cncentrator and Cisco vpn client for windows
Which would be the best solution as per the security concerned, Please comment.
Regards,
Nilesh
Nilesh
Firstly i would rule out the VPN concentrator simply because it EOL and anything that is EOL is not as actively supported. So any major issues in the code and Cisco may well tell you to migrate to an ASA firewall.
So it comes down to a firewall vs a router.
With a router you can do a lot more than a firewall as it has all the IOS functionality. So you need to draw up your full list of requirements eg. a router has a fuller QOS feature set, a router can do PBR whereas an ASA cannot, a router can support equal cost load-balancing across multiple interfaces whereas ASAs have problems with all this. A quick search on this site will show you for example how many people would like PBR to be on an ASA.
But because a router can do a lot more there are also potentially a lot more bugs that could affect the device. The ASA is a dedicated firewall/IPS device and so is less of a jack-of-all trades.
Availability and throughput are also considerations as well as resiliency. You need to compare relevant data sheets of the routers/ASAs you are interested in.
Finally there is also the issue of management. If you have no expertise in house with ASAs then that is a plus point for a router.
So it's a compromise and that's why you need a full set of requirements.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide