[c-nsp] WebVPN/SSL VPN module for 6500
Justin Shore
justin at justinshore.com
Thu Jul 31 00:35:23 EDT 2008
Zahid Hassan wrote:
> Dear All,
>
>
> Does anyone know if there is any replacement module planned for WebVPN or
> SSL VPN for the 6500 chassis ?
>
> The current WebVPN Services Module is apparently already or will soon be
> declared EOL/EOS.
>
> http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6404/product_data_sheet0900aecd802aff73.html

I have to side with Gert on the risks of putting something like that in
a large chassis. I would recommend a different external platform for
terminating SSL VPN connections. You could use an ASA, a 7200 or even
an ISR. The approach we took was to use a pair of 3845s (though I would
have greatly preferred the 7200). You can even accomplish VRF-aware SSL
VPN termination with either the ISR or 7200 option. The ASA option
wouldn't be VRF aware but then again the FWSM isn't VRF aware either.
Just terminate the SSL VPN on a VLAN and put the VLAN in a VRF behind
the ASA. Any of these options would allow you to replace the solution
in the future as new products become available or as platforms are EoLed.
Justin