[nsp] Cisco 2621 w/AIM-VPN performance?

Olav Langeland Olav.Langeland at activeisp.com
Fri Aug 22 14:28:44 EDT 2003

We are contemplating a change in VPN hardware, and are looking into two
- Cisco 2621 with max RAM, appropriate IOS and the AIM-VPN module,
redundancy via HSRP
- Cisco Concentrator 3005, redundancy via cluster or VRRP

Our needs are quite modest, 4-5 site-to-site tunnels, 30-40+ remote
users with Cisco VPN Client authenticated via Radius. Bandwith use is
usually low since it's mostly HTTP/Citrix/SSH/SQL traffic that goes
through it. We have some 3005 now for customer use and are quite
satisfied with them and I believe it would be sufficient for us, but the
100user and 4mbit bw limit is annoying. 
Any comments on the performance of a 2621 w/AIM-VPN? Is it better to
apply ACL for restricting VPN access to the network on the 2621 instead
of the firewall (VPN is on a separate DMZ zone)? Will it handle the
traffic mentioned above without any problems? Any arguments for choosing
it instead of the Concentrator?

Olav Langeland - olav.langeland at activeisp.com

More information about the cisco-nsp mailing list