Security Basics mailing list archives

Re: VPN overkill?


From: Jamie Schmidt <jschmidt () buhler com>
Date: Wed, 17 Nov 2004 09:28:16 -0600

"Ted A" <arcturous () hotmail com> wrote on 11/16/2004 04:16:35 PM:

All,
First off, good fun reading this list. Some really great advice and good
thinkers on here. Thanks for the great questions and great answers.

So here's my issue. I have an IT infrastructure manager who has raised a
requirement I find myself questioning.
We have a goal of connecting a remote office to a central office via a VPN.
This manager insists that the only acceptable way to accomplish this is by
connecting 2 VPN concentrators. I debate this, noting that a PIX should be
more than capable of handling this connection at the remote office and the
only place the concentrator is needed is at the central office.
Am I completely off my rocker, thinking that a second concentrator for a
single connection is a little overboard?

Thoughts?
Thanks,
Ted



For a site to site tunnel, we use 1700 series routers at the remotes which 
connect back to a PIX at the head office. 
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72b.html#12901

You can also have individual clients connect back using Cisco Secure VPN Client,
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72d.html#wp1020201

or just using Microsoft built-in VPN connection capability
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb72d.html#wp998179

Also see: 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/index.htm

Depending on the PIX/licensing you purchased, you can potentially do quite 
a few of these connections using a single PIX.

-jamie-

