RE: VPN overkill?

["Thomas F. Szabo" <tszabo () diamondtech net>]

Hi,

You're right this is a great list.  I think a PIX at the remote end will
probably be sufficient.  I say probably because you didn't offer too
many details on the scenario.  A few questions I would ask are:  How
many user's at the remote site, what type of apps., what are they
connecting to, will there be servers at both sites, what type of
bandwidth are we talking about, etc.?  Depending on how much traffic
we're talking about you might want to consider offloading the encryption
from the PIX to another concentrator.  But like I said a PIX will
probably be sufficient for a lan to lan back to your main concentrator
at the main office.


Tom Szabo

-----Original Message-----
From: Ted A [mailto:arcturous () hotmail com] 
Sent: Tuesday, November 16, 2004 5:17 PM
To: security-basics () securityfocus com
Subject: VPN overkill?

All,
First off, good fun reading this list. Some really great advice and good

thinkers on here. Thanks for the great questions and great answers.

So here's my issue. I have an IT infrastructure manager who has raised a

requirement I find myself questioning.
We have a goal of connecting a remote office to a central office via a
VPN. 
This manager insists that only acceptable way to accomplish this is by 
connecting 2 VPN concentrators. I debate this, noting that a PIX should
be 
more than capable of handling this connection at the remote office and
the 
only place the concentrator is needed is at the central office.
Am I completely off my rocker, thinking that a second concentrator for a

single connection is a little overboard?

Thoughts?
Thanks,
Ted