I subscribe to several of the Discussion Forums here and find the information priceless. I see different strings about VPN but using either routers, PIXs or VPN Concentrators to do it. What's the more secure way of doing VPN? For my environment I have at home users with cable and DSL modems. I have the 3005 Concentrator and they run a 3.x software client. Is there another way to do VPN that would be more secure?
Cisco puts VPN technology in a variety of their products to allow flexibility in many environments. The concentrator to vpn client solution is the easiest from a management standpoint in my opinion but all are as secure as the other. The basic IPSEC fundamentals are built into all versions of all platforms. Variations of IPSEDC are more secure than others (i.e. DES vs. 3DES)
Encrypted leased circuits would be more secure, as would encrypted MPLS or L2F (VPDN) VPN services. However both cost and availability tend to make these impractical, especially for home users.
The major weakness of user VPNs is the client PC, but as long as you are enforcing good up-to-date anti-virus and personal firewall software on the clients and using 3DES encryption, you needn't worry (much!).
As another note stated previously the weak link is the client pc. I would suggest that your remote user with cable of dsl connections use the pix501. It is a new firewall product, hardware based, and comes with a 4 port 10baseT built in Switch. It has the full PIX IOS Features that the Pix506 has.