Security Basics mailing list archives

RE: VPN overkill?


From: "Jeff Gercken" <JeffG () kizan com>
Date: Wed, 17 Nov 2004 13:54:10 -0500

 
I usually choose hardware first on function then scale.  If a pix will
do the crypt functions in software and the cpu can handle the load then
go for it.  If, however, you expect to peg it then look for something
that can handle more traffic (either by increasing the processing might
or by moving it to hardware).

If you know how much traffic you're sending and know which cypher you'd
like to use it should be fairly trivial for a Cisco Presales Engineer to
point you to the right product.

-Jeff

-----Original Message-----
From: Jim McBurnett [mailto:jim () tgasolutions com] 
Sent: Tuesday, November 16, 2004 10:21 PM
To: Ted A; security-basics () securityfocus com
Subject: RE: VPN overkill?

Ted,
NO.. It is not overkill...
It depends on which VPN concentrators you are talking about..

IE a 3002 at the remote site.. $995 list-- Pix 506 $1295 list..
So I would say no...

Later,
Jim 

-----Original Message-----
From: Ted A [mailto:arcturous () hotmail com]
Sent: Tuesday, November 16, 2004 5:17 PM
To: security-basics () securityfocus com
Subject: VPN overkill?

All,
First off, good fun reading this list. Some really great advice and 
good thinkers on here. Thanks for the great questions and great 
answers.

So here's my issue. I have an IT infrastructure manager who has raised
a requirement I find myself questioning.
We have a goal of connecting a remote office to a central office via a
VPN.
This manager insists that the only acceptable way to accomplish this is
by connecting 2 VPN concentrators. I debate this, noting that a PIX
should be more than capable of handling this connection at the remote
office and the only place the concentrator is needed is at the central
office.
Am I completely off my rocker, thinking that a second concentrator for
a single connection is a little overboard?

Thoughts?
Thanks,
Ted




