Re: [nsp] Cisco 7206VXR + IPSec lan2lan experience

From: Karl S. Hagen (khagen@greyhelm.com)
Date: Thu Jan 11 2001 - 01:05:04 EST

Next message: Neil J. McRae: "Re: [nsp] Loading up a 7206VXR/400/2FE"
Previous message: Shane Amante: "[nsp] Cisco 7206VXR + IPSec lan2lan experience"
In reply to: Shane Amante: "[nsp] Cisco 7206VXR + IPSec lan2lan experience"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Ive been using 7206's with NPE200 and no ISA's.. doing 20 - 30
IPSEC encrypted GRE Tunnels... the CPU isnt even breathing heavy.

   We have 7206VXR's with ISA and NPE300's going 100Mbit Ethernet
  encryption.. (basically GRE TUnnel with IPSEC wrapped around it).
   Again.. the 7206 isnt even breathing hard.

Honestly, the Altiga isnt a very clean way to do Site-to-Site, I
prefer a 2621 or 3640 connecting back to a 7206. Works like a champ.

Thus spake Shane Amante (shane@amante.org):

> Hello. I'm wondering what has been people's experience who have
> deployed a 7206VXR for termination of IPSec gateway-to-gateway
> tunnels. (Yes, I've read through Cisco's product literature, but I'm
> wondering what actual field experience has been as it relates to
> performance and software stability). In my case, I'm looking to get
> the most IPSec crypto (DES/3DES) performance out of the box across the
> largest number of tunnels.
>
> I'm considering the 7206VXR/NPE-400 with the multi-ISA feature to get
> the best performace. Has anybody played with this combination?
> What's the most number of tunnels you've terminated and the most
> amount of traffic you've witnessed in this or similar configurations?
>
> I realize the Cisco 3015 and up (a.k.a.: Altiga) are primarily used
> for remote-access VPN tunnel termination, but it can do LAN-to-LAN as
> well. Has anybody used this for a large number of LAN-to-LAN IPSec
> tunnels? Does it stack up better or worse in this configuration vs. a
> 71/7200?
>
> If people like, they can respond to me directly and I'll summarize the
> responses back to the list.
>
> Thanks for your help,
>
> -shane
>
> P.S. -- I realize and am aware of other vendors' boxes in this
> category, I'm just looking for Cisco 72/7100 experiences for now.

-- 
Karl S. Hagen                                   email: khagen@greyhelm.com
Cisco Certified Network Assoc. (CCNA)           pager email: 4317622@skytel.com
Chief Architect					pager: (888) 431-7622
Raytheon Information Security			http://www.greyhelm.com/~khagen/

Next message: Neil J. McRae: "Re: [nsp] Loading up a 7206VXR/400/2FE"
Previous message: Shane Amante: "[nsp] Cisco 7206VXR + IPSec lan2lan experience"
In reply to: Shane Amante: "[nsp] Cisco 7206VXR + IPSec lan2lan experience"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:25 EDT