[c-nsp] VPN Solutions

Kevin Graham mahargk at gmail.com
Wed Dec 1 23:27:28 EST 2004


On Wed, 01 Dec 2004 07:37:02 -0800, Steve Francis
<sfrancis at fastclick.com> wrote:
> While on the topic, can someone list pros/cons of a windows server based
> VPN concentrator versus a VPN3000 or IOS device?

I've been quite happy w/ PPTP to an IOS device within an
internet-in-VRF config. Use IAS against an IAS server for the active
directory auth and it's very hands-off. For 20-30 simultaneous users
doing "general" workloads, 3620 doesn't break 10% cpu.

Have been working on migrating to L2TP+IPSec, however am stuck on IOS
rejecting proxy identities from XP clients and TAC response has been so
far that "L2TP is a Microsoft proprietary standard and they cannot
support it" (yeah, I know).

I've played with the VPN3000 and haven't been particularly impressed
-- IMHO, the config interface is really lacking if you're doing
anything but the Unity client and I've overall been underwhelmed by
it.

The simplicity and manageability of an IOS device for this has been
great and I'd be reluctant to do it any other way. Only wish is that
there'd be better support and/or coordination with Microsoft on this
functionality (ObConspiracyTheory this would undermine VPN3k sales and
would "overly commoditize" VPN client connectivity).

