Solved

VPN Setup Advice

Posted on 2004-09-20
Last Modified: 2011-09-20
Hi Guys,

I would like some advice on which Cisco Equipment to use to create a good and fast and potentially redundant VPN implementation. The connection will be used to connect one LAN to another LAN by aggregating DSL lines on one LAN to come into an E1 connection on the other LAN.

The idea is to have good equipment and low latency caused by any network equipment and be secure to a normal standard like 3DES.

I was thinking of having a PIX on the primary site and a VPN concentrator. What's the advantage of having both? Would I then need both on the remote side too or could I get away with just a PIX on the remote side? I.e., is there such a difference in using PIX alone, or with VPN accelerator cards, or with Concentrators? Also, how do you aggregate DSL connections to use over this?

Thanks for the advice.
Question by:halcyone
2 Comments
 

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12105432
One Q at a time:
>I was thinking of having a PIX on the primary site and a VPN concentrator. What's the advantage of having both?
The VPN concentrator gives you much more flexibility in dealing with roving clients. You get Active Directory or native NT authentication, fine granular control over the client, enforce policies, etc.

>Would I then need both on the remote side too or could I get away with just a PIX on the remote side?
For LAN-LAN it does not really buy you much over what you get with the PIX at no additional charge. I see no reason whatsoever to have both, especially not at the remote location, unless you have a large contingent of individual VPN client users. 1 PIX on each end is all you really need.

>is there such a difference in using PIX alone, or with VPN accelerator cards, or with Concentrators?
The newest PIXes with "e" designator, such as 506E, 515E, are "Enhanced" with an onboard VPN accelerator. This offloads the IPSEC encryption processing to a daughter card instead of doing it all in software. Unless you have a significant number of simultaneous connections, you can do without and be just fine.

>Also, how do you aggregate DSL connections to use over this?
Ah, there's the rub. A PIX can have one and only one default gateway, so putting 4 DSL modems out in front of it won't do you a lick of good. The other issue is IP addressing. Your PIX can have only one public IP address assigned to it. Each of the DSL lines will provide its own public IP address. This is not an easy thing to overcome. You might want to look at some other product, such as the FatPipes VPN solution (big money):
http://www.fatpipeinc.com/mpvpn/

>create a good and fast and potentially redundant VPN
You might consider using a router to terminate all of your DSL connections instead of a PIX. This will give you the ultimate flexibility. Routers will give you many more routing options than will the PIX. You can get the IPSEC feature set for almost any router and still do your LAN-LAN VPN tunnel at 3DES or AES.  Or, you can have both a router and PIX. Terminate the VPN on the PIX regardless of which DSL line the request comes in on.
Either that, or reconsider using DSL and go with dual T1s or something. At least then you could use BGP. Load-sharing across multiple Internet connections is what BGP does well.
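
As an added example, not part of lrmoore's answer: one end of the "1 PIX on each end" LAN-to-LAN tunnel, written in PIX 6.3 command syntax (the software version is an assumption). The addresses, the names VPN-TRAFFIC, L2L-SET and L2L-MAP, and the key placeholder are all constructed for illustration.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   local LAN 192.168.1.0/24, remote LAN 192.168.2.0/24,
:   remote PIX outside address 203.0.113.2

: Traffic between the two LANs is what gets encrypted
access-list VPN-TRAFFIC permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

: Exempt that traffic from NAT so the remote LAN sees real inside addresses
nat (inside) 0 access-list VPN-TRAFFIC

: Let decrypted IPsec traffic bypass the outside interface access-list check
sysopt connection permit-ipsec

: IKE phase 1: pre-shared key, AES-256, SHA-1, DH group 5
: (use "encryption 3des" here if the peer only supports 3DES)
isakmp enable outside
isakmp identity address
isakmp key <pre-shared-key> address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400

: IPsec phase 2: ESP with AES-256 and SHA-1 HMAC
: (esp-3des is the 3DES equivalent of esp-aes-256)
crypto ipsec transform-set L2L-SET esp-aes-256 esp-sha-hmac

: Bind the ACL, the peer and the transform set, then apply to the outside interface
crypto map L2L-MAP 10 ipsec-isakmp
crypto map L2L-MAP 10 match address VPN-TRAFFIC
crypto map L2L-MAP 10 set peer 203.0.113.2
crypto map L2L-MAP 10 set transform-set L2L-SET
crypto map L2L-MAP interface outside
```

The remote PIX carries the mirror image: the two networks in the access-list are swapped and the peer address is this unit's outside address. The isakmp policy and transform set must match on both ends or the tunnel will not come up.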





Author Comment

by:halcyone
ID: 12121286
Thanks, that was very helpful.