[nsp] Cisco 827 Real World VPN

Jason Lixfeld jason at lixfeld.ca
Thu Jun 26 13:38:48 EDT 2003


On Thursday, June 26, 2003, at 08:32  AM, Cisco Geek Rotation wrote:

> I have a customer that wants to put a 827 in their office for their 
> main office router and firewall, and they want to tunnel to it from 
> their homes using the Cisco software VPN clients.
>
> Client 1 ------  827 Router ----- Office Private LAN 192.168.1.0/24
>                            |
> Client 2 ----------------

IMO, you want to look at the 837.  The price is the same as the 827 and 
the 837 is newer with newer hardware features.

> etc.
>
> I don't believe they ever tunneled more than 3 clients at a time.

Spend a minute or two on Cisco's website and find the docs on the 830 
series CPEs.  They are very detailed and will answer all of your 
questions.

> Up to this date, I've always done this using Netscreen software 
> clients and Netscreen firewalls.  This customer requires a Cisco 
> solution (their requirement).

Good choice on your customer's part, IMO.  I'm using a Cisco IOS VPN 
aggregator, Netscreen CPEs and Efficient CPEs for a large scale point 
of sale VPN system for a large, multi-site customer and I'm having 
nothing but problems.  Anything the Netscreens or Efficients can't do, 
I could drop in an Cisco 800 series and it would fix the problems in a 
heartbeat, but the customer is penny pinching and doesn't want a decent 
CPE (even though a) netscreen's are more expensive and b) they are 
passing all of their point of sales traffic over ipsec via these CPEs).

> The customer was previously using a Netopia router to handle the VPN 
> tunneling chores, and apparently they encountered poor performance.  
> Apparently Netopia makes a VPN accelerator card to make the 
> performance better but they never tried that.
>
> So my questions are:
>
> 1. What software do I have to buy from Cisco for the software client?

You need the Cisco VPN client which is available to registered users on 
the Cisco website.  Best bet is to check with Cisco, but I think you 
may need a support contract in order to get the VPN client access -- 
support on an 837 is only an extra $200 or so, if I recall.  Having the 
support contract will be good for when you are trying to configure the 
client and the CPE and can't quite get it.  The Cisco's can very 
verbose and complicated because they are so feature rich.  Having a 
technical resource at your disposal to get the system up and running 
quickly and properly is of much more value than the $200 for the 
support contract, IMO.

> 2. Are they likely to encounter the same performance problems they had 
> with the Netopia?

Hardly.

> Any other hints on how to make this hassle free are welcome also.

Can't help you on the up selling sales person side of things.  Sales 
people will be sales people, bottom line.  Get their advice, do some 
research and make the best decision for yourself if you don't like what 
they have to say.  Regardless as to whether they try to up sell you or 
not, you get straight answers from them on the components that are 
required and usually people around here will pass on a few pieces of 
info if you ask nicely :)

> Thanks,
> Chris
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list