Solved

hardware diff - Linksys / Cisco, Juniper

Posted on 2006-07-04
4
448 Views
Last Modified: 2008-02-01
Hey guys
What’s the difference between something like a linksys RV042 VPN router and other high end products

Like – Cisco, Juniper Networks, Fortinet, etc….

From a von, security standpoint is there huge security differences?
Is there a difference in the VPN capabilities?

Linksys can use a vpn software client that is pretty attractive.

Our current vpn is via F5 networks, a netscreen and is managed by a 3rd party. – this has been rock solid but costs us $114 per month but gives us access to our vpn via a website login.  

I’d like to set up out shop with some vpn access but I also don’t want to cause any security holes in choosing the “wrong” product.

The terminology on enterprise level products is very different then the business grade linksys RV042 which is very easy to use.

Any thoughts ?

0
Comment
Question by:mitchel_kuijper
4 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 125 total points
Comment Utility
Netscreen makes an excellent product, If you can avoid the monthly fees there is nothing wrong with their hardware, very nice units and approaching Cisco for features, security, and control.
Linksys is an very good product and offers most of the features of the Cisco units such as hardware to hardware VPN tunnels, or with several models such as the RV0xx series, client to hardware access. Although I have never had a problem with their client software, some seem to have problems with the Linksys client, in some locations. On the other hand the Cisco client is rock solid, and seems to work in most situations. As for the basic hardware Cisco offers far more configuration features, better monitoring tools, better client control, and by far the best support on the market, if you but a SafeNet support contract with the unit. Although I am sure Linksys will do the job for you, a Cisco unit such as the PIX series will likely offer you more control and somewhat better security.
Base units you might want to consider,
Linksys:
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1123638171618&pagename=Linksys%2FCommon%2FVisitorWrapper
Cisco:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html
0
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 125 total points
Comment Utility
Cisco and Juniper are both great products.
Juniper's NetScreen brand Firewall's and VPN's are awesome and what I personally recommend.  There are no monthly fee's for Netscreen. only a support contract, the same as with Cisco.

Part of choosing your FW, is what kind of support you will be utilizing, whether it be the vendor, or coming here. Your familiarity with the product, cost, performance, etc etc. All of it needs weighed in on your decision.  That's why when people post here asking for a FW. the First thing most expert's respond with, ok, what is your price range, what architecture are you going to be implementing it with, bandwidth etc etc.

The price for the NS depends on which version you get, the 10 user, plus (unlimited user), and extended. I think the base price is 515 or so.

I like the NS, for a bunch of reasons. Let me bore you :)
* I have put a NS infront of people who where clueless and they where able to figure it out. (small learning curve)
* It has both CLI and GUI available, both are logical, and very easy to use and understand. (as I belive the PIX does as well)
* Big one is performance, and throughput.
* their Knowledgebase and support are great, (Cisco's is too)
* It supports both Layer 3 modes and layer 2 modes. ( I Don't know if the PIX does can anyone answer that?)
* Size and weight are huge factors for me, I deploy them all over the world.
* No extra hardware, it's all flash, ie no moving parts to get broke. (except the power switch )
* One thing I love about them, is you can configure adminstrative IP's. Now on most equipment that just means only those IP's can manage the box, But the great part is, if your not an adminstrator, you don't get any response from the box on those administrative ports! (I've run Host scan's/ Intrusion Scan's etc for open ports not from admin IP's and admin Ip's)

Both have 10 vpn limit. Dimensions and weight are similar. But look at your performance.

CIsco 501 Security Applicance
 firewall throughput,                   60 Mbps
 3DES VPN throughput,               3 Mbps
 Concurrent connections:             7,500 (Cisco wins this one vs the 5series)
Dimensions (H x W x D): 1.0 x 6.25 x 5.5 in. (2.54 x 15.875 x 13.97 cm)
Weight: 0.75 lb (0.34 kg)

NS 5GT
Firewall performance                   75 Mbps
3DES VPN performance                20 Mbps
Deep Inspection (DI) performance 75 Mbps
Concurrent sessions                    2000
New sessions/second                  2000
Dimensions (H/W/L) 1/8.25/5 inches
1.5 lbs

C 501
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html

NS 5
https://www.juniper.net/products/integrated/dsheet/110034.pdf

My 2 cents :)

Here is a checklist, granted it's from Juniper so might be slighted, but will help you compare FW's for you.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf

Here's some 3rd party studies of FW's.
http://www.cs.nmt.edu/~cs491_02/IA/firewall%20performance_files/0312rev.htm

2006 Products of the year
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807

2005
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1041739,00.html

You can also search here there are plenty of other threads like this one, choosing FW's and VPN's. comparing Cisco/Juniper/Sidewinder etc.
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21704713.html
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now