[c-nsp] CPE for IPSEC

Michael Malitsky malitsky at netabn.com
Mon Aug 4 18:35:57 EDT 2008


Greetings,

The auditors are trying to force me to encrypt our WAN traffic.  The WAN
in question is Cogent's ethernet service - built as a mesh of
point-to-point VLANs.  There are 3 sites; at every site I have a single
port over which I receive 2 VLANs in a dot1q trunk.  Aggregate bandwidth
on the port is 200Mbps.  Putting in encryption seems fairly
straightforward - 3 static IPSEC tunnels.  I am trying to figure out
what kind of hardware can handle IPSEC at this bandwidth.  So far I am
looking at:
-ASA5520.  Specs say 225Mb of IPSEC - can the box actually handle that,
or should I be looking at 5540?
-7201 (or 7206) with NPEG2.  Do I need to add a VAM, or will the NPE
handle the load?

Any real-world experiences will be most appreciated.  Also, if there are
better suggestions (including non-Cisco), please share.

Thanks,
Michael Malitsky



