
Which device to use for site to site VPN

ctusa2003am
Level 1

Hi,

Can someone recommend a few inexpensive VPN devices, which will be set up to connect a few (20-30) site to site VPNs (each site not more than 5-10 computers)? The sites will have different VPN devices (like regular Linksys or any other - just capable of IPsec site to VPN). What I need is one for my main site and hope to get some suggestions.

Thanks,

Ashok

8 Replies

jagmeesi
Level 1

Hi Ashok

Well, I would say Cisco ASA firewalls 5500-X and Cisco ISRs/ASRs both support Site-to-Site VPN to multiple sites.

You can look into those if they fit your criteria.

Regards

Jagmeet

Ashok

Jagmeet has identified your best alternatives, either an ASA or a router. Either of those might work well for you. My personal preference is that for site to site VPN the router solution gives you a bit more flexibility in how to set up the site to site VPN.

HTH

Rick


Hi Jagmeet,

Will I have to worry about licensing if I use a 5505 or 5506 for site to site always on IPsec VPN?

Richard, I will check on licensing on 2901. I also have an 1801 router and will check that too.

Thanks,

Ashok

ASA 5505 can only handle a maximum of 25 VPN sessions. 5506 can handle up to 50, but you need the SecurityPlus license.

Thanks.

Ashok

I agree with Rick that a router is much more flexible. On the ASA you have the traditional/inflexible crypto-maps and ... well that's all.

On the router you can integrate your routing into the VPN much more easily through the use of different kinds of tunnel interfaces. In my designs, I always place routers for site to site when there are more than a handful of sites.

With low-end routers already in place at the branches this flexibility doesn't help you much. But when these devices have to be replaced sooner or later, you'll have a much more powerful VPN.
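
The difference described above between crypto maps and tunnel interfaces, sketched as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the addresses (RFC 5737 documentation ranges and private subnets), the object names, and the key placeholder are assumptions, and a real router would use only one of the two styles for a given peer.

```cisco
! Added example: constructed addresses, names and key placeholder.
! Phase 1 policy, pre-shared key and transform set (needed by either style)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.10
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! --- Style 1: crypto map (policy-based) ---
! An ACL decides what is encrypted. Every new branch needs another
! ACL and another crypto map sequence entry, and routing is unaware of the tunnel.
ip access-list extended VPN-BRANCH1
 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-AES256
 match address VPN-BRANCH1
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map CMAP
!
! --- Style 2: static tunnel interface (route-based) ---
! The tunnel is a routable interface. Whatever is routed into it is
! encrypted, so static routes or a routing protocol select the traffic.
crypto ipsec profile PROF-VTI
 set transform-set TS-AES256
interface Tunnel1
 ip address 172.16.1.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROF-VTI
ip route 10.1.1.0 255.255.255.0 Tunnel1
```

The tunnel-interface style requires the remote device to support route-based IPsec as well, which is why it does not help while low-end devices that only do policy-based tunnels remain at the branches.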

Hi,

I started looking right after Jagmeet's post and found that ASAs will definitely do the job. Thanks Jagmeet for your thoughts. On this the question I have is, which model i.e. 505 or 506 ...or [the customer doesn't care if that is not supported any more - they told me that they can buy 2 if needed and if one goes down (no issues with the down time) - the other one can be brought on line to replace that]. They want the least expensive. Sorry - I have to work with this constraint.

On the router option (thanks Richard and Karsten), I am intrigued (especially some of the points you listed as plus points over ASA). They already have a 2901 (with 2 built-in Gb ports 0/0 & 0/1 and additional 4 port card), so is this an option for my needs?

Will look forward to your thoughts.

Thanks,

Ashok

Ashok

A 2901 will certainly do site to site IPsec tunnels assuming that it has the correct license/feature set. It would need the security license. If the customer is looking for the lowest cost solution it would certainly be cheaper to purchase the security license (if they do not already have it) than to purchase a new device.

If you are going to add 20 to 30 site to site IPsec tunnels for the router you might evaluate how much load is already on the router and what impact 30 tunnels might have on it.

HTH

Rick
