From: David Mitchell (david.mitchell@centientnetworks.com)
Date: Mon Apr 16 2007 - 17:31:51 ART
Hey Rick,
From a management perspective I really like the VPN Concentrator. It
has a good graphical interface that shows you the status of all your
tunnels, bytes in/out, etc. Once you master it, the debugging is also
very good.
For folks that aren't masters with IPSEC, most of the options are
menu-driven, and it's easy for non-technical folks to check the status
of tunnels and log them off as necessary.
I haven't had much experience with non-Cisco gear, but for a large
number of tunnels or remote-access users, I really like the
Concentrators.
- Dave
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Guyler, Rik
Sent: Monday, April 16, 2007 4:24 PM
To: 'cisco@groupstudy.com'; ccielab@groupstudy.com
Subject: OT: VPN device opinion
I'm replacing the entire edge network for my organization later this
year and need an opinion from the group.
I have several dozen IPSec VPN tunnels to vendors that terminate
currently on a 3660 router running 12.2T code. While I love using
routers for VPN work due to their excellent flexibility, I find that
managing a large number of connections is cumbersome and awkward. The
inability to nest ACLs or create object groups makes the config (from
the CLI) just crazy to work around in.
I do have the latest version of Cisco Security Manager but don't have
it up and running yet (waiting on the server) to see just how well it
can manage my VPN router. If it's anything like VMS was then I won't
likely use it for management.
Here are my possible alternatives:
1) Stay with the plan of replacing the 3660 with a pair of 3845s running
IPSec SSO, etc. and use CSM to manage it
2) Replacing the 3660 with a pair of ASAs instead of the 3845s and use
CLI, CSM or something else to manage it
Either way, I can work through the hassle of it the way it is but I
have others on my team that are not so comfortable with the CLI so I
really want to use some other type of management interface for their
benefit.
Any advice or opinion on the subject greatly appreciated!
Rik
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:36 ART