[c-nsp] VPN Solutions

Steve Francis sfrancis at fastclick.com
Wed Dec 1 10:37:02 EST 2004 

While on the topic, can someone list pros/cons of a windows server based 
VPN concentrator versus a VPN3000 or IOS device?

We need to set up a VPN system, and our IT department is volunteering to 
do it with a windows server.
Other than being loathe to expose anything Microsoft made to the 
Internet, even on ipsec and isakmp ports only, is there any reason to 
not do that?
I expect that our use will be such that scalability and performance will 
be OK even on a software platform like a windows server.
But is there any great security/manageability or other differentiators? 
No ssl vpn for one, but that's OK.
(Given we'll be wanting to authenticate users against active directory 
anyway - possibly with 2 factor authentication a bit later.)
TIA.



Nauwelaerts, Nick (CM Belgium) wrote:

>>-----Original Message-----
>>From: cisco-nsp-bounces at puck.nether.net
>>[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lawrence Wong
>>Sent: Tuesday, November 30, 2004 5:41 AM
>>To: cisco-nsp at puck.nether.net
>>Subject: [c-nsp] VPN Solutions
>>
>>Hi all,
>>
>>I am tasked to implement a small (~50 users) remote
>>access cum site to site VPN for my company.
>>
>>I was looking around and came across the Cisco PIX,
>>Cisco VPN 3000, Netscreen Firewall and others.
>>
>>Does anyone have experience in these or any other
>>suggestions? Any idea how is the licensing like for
>>VPN solutions? Is it based on per installed client
>>software or unlimited as long as the VPN server is
>>licensed?
>>    
>>
>
>I've just been testing a vpn concentrator 3020 for a week to replace a
>checkpoint based enduser vpn. So far I've been fairly happy with it. It
>did take some time to get PKI and active directory authentication going
>but once it's running it runs great.  LDAP seems a bit harder to get
>going but that isn't a requirement for us at this time.
>Our site to site tunnels will keep running on checkpoint however.
>
>Enduser licenses for all cisco vpn 3000 series are unlimited, for an
>overview you can go here:
>http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/prod_mode
>ls_comparison.html
>
>Even though the website says 1 available expansion slot my unit has 3
>available. I haven't found anything about if they will actually work or
>not. Redundant PSU is an option as well.
>
>// nick
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>

More information about the cisco-nsp mailing list