Terry Baranski terry at eurocompton.net
Mon Mar 17 20:02:13 EST 2003

I'm researching various VPN endpoint solutions for our HQ site, and am
hoping I can get some recommendations from those who have experience
with this stuff. 

Essentially, we're in need of a device to terminate customer VPN tunnels
at HQ (site-to-site).  We're currently doing this at the firewall, but
we don't consider this to be scalable -- we'd rather let the firewall
filter packets and terminate the VPN tunnels on a device meant for such

I was originally looking at VPN concentrators exclusively, but I noticed
that various router platforms (3600/3700/7200) have VPN modules that, if
the specs are accurate, will more than suffice for our purposes as far
as bandwidth and number of simultaneous tunnels go.  This has me
wondering what the differences are between VPN concentrators and VPN
router modules. When is one typically chosen over the other?  A sales
rep mentioned that the concentrators are typically used for dial-up
users and VPN routers are typically used for site-to-site tunnels.  Is
this accurate?

We also need a router for the segment that the VPN device will live in,
so a VPN router would kill two birds with one stone if it will suffice.
It looks like a 3700 series router can terminate a couple thousand
tunnels at upwards of 200 Mbps as per the datasheet. But I don't know if
these numbers reflect reality. 

So, what do you folks recommend to terminate site-to-site VPNs with
customers?  Any advice would be appreciated.


