[c-nsp] CPE for IPSEC

[Ziv Leyes]

Check out about "Thales"


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Michael Malitsky
Sent: Tuesday, August 05, 2008 1:36 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] CPE for IPSEC

Greetings,

The auditors are trying to force me to encrypt our WAN traffic.  The WAN
in question is Cogent's ethernet service - built as a mesh of
point-to-point VLANs.  There are 3 sites, at every site I have a single
port over which I receive 2 VLANs in a dot1q trunk.  Aggregate bandwidth
on the port is 200Mbps.  Putting in encryption seems fairly
straightforward - 3 static IPSEC tunnels.  I am trying to figure out
what kind of hardware can handle IPSEC at this bandwidth.  So far I am
looking at:
-ASA5520.  Specs say 225Mb of IPSEC - can the box actually handle that,
or should I be looking at 5540?
-7201 (or 7206) with NPEG2.  Do I need to add a VAM, or will the NPE
handle the load?

Any real-world experiences will be most appreciated.  Also, if there are
better suggestions (including non-Cisco), please share.

Thanks,
Michael Malitsky


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************






 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************