Security Basics mailing list archives

Re: Vpn concentrator - health care client


From: Chris Meidinger <chris.meidinger () badenit de>
Date: Mon, 13 Dec 2004 08:39:03 +0100

Hi Kris,

I see no reason to put in a Concentrator at all. I would place a 515 and let it handle the VPN. It can do 140mbit of aes256 VPN, which should be plenty for your needs. Just place that on the border, and do all of the rules over it. If you want to layer the defense with a firewall and separate VPN, then the 501 should be a fine piece of Cisco equipment for your reqs. I, personally, would use a box from a different vendor though, in case both PIX and VPN Concentrator are hit by the same vuln. I'd recommend a Netscreen 5XT.

Cheers,

Chris


Kris Wingard wrote:

We have a health care client who is looking into a VPN solution.  They
need to allow up to 500 different users to come in over a VPN to run a
web application, though will probably never have more than 50 concurrent
connections.  They only have about 30 users at the main office who get
out to the internet, etc.  We were considering recommending a PIX 501 to
secure the connection and a VPN 3005 concentrator to terminate the VPN
connections.  I would prefer to put in a PIX 515 so we could put the
concentrator in a DMZ, but they are very price sensitive and they don't
really need a 515 at all.  My question is, is it ok (being that they are
healthcare) to simply put the concentrator behind the PIX 501 and just
forward the VPN traffic in to it?  Any insight would be appreciated.
Thanks!

---------------------------------------------------
Kris Wingard
Network Engineer
 Synergistic Networks, Inc.
 7 South Main Street
 Suite 217
 Wilkes-Barre, PA  18701
 Phone: 570.408.9888
 Fax: 570.408.9889
 Email:  kwingard () synergisticusa com
 Web: www.synergisticusa.com
---------------------------------------------------



