RE: VPN overkill?

["d'Ambly, Jeff" <jdambly () Monster com>]

We have several remote offices that are really small. Buy a VPN 3030 for
a remote office is really wasteful IMO.

What I do is send out a 506E, and then create a tunnel from the pix to
the VPN3030 here in our datacenter

Just my 0.02$

-----Original Message-----
From: Tom Milliner [mailto:tom.milliner () verizon net] 
Sent: Tuesday, November 16, 2004 9:31 PM
To: 'Ted A'; security-basics () securityfocus com
Subject: RE: VPN overkill?

What is a concentrator?  We have a central office Pix 515E,
and as far as I know, multiple remote offices with Pix 501
or Pix 506E can connect to it via VPN. 


 
Tom Milliner, CPA, MCSE
2404 Summer Place Dr.
Irving, TX  75062
(214) 540-2741
tom.milliner () verizon net

-----Original Message-----
From: Ted A [mailto:arcturous () hotmail com] 
Sent: Tuesday, November 16, 2004 4:17 PM
To: security-basics () securityfocus com
Subject: VPN overkill?

All,
First off, good fun reading this list. Some really great advice and good

thinkers on here. Thanks for the great questions and great answers.

So here's my issue. I have an IT infrastructure manager who has raised a

requirement I find myself questioning.
We have a goal of connecting a remote office to a central office via a
VPN. 
This manager insists that only acceptable way to accomplish this is by 
connecting 2 VPN concentrators. I debate this, noting that a PIX should
be 
more than capable of handling this connection at the remote office and
the 
only place the concentrator is needed is at the central office.
Am I completely off my rocker, thinking that a second concentrator for a

single connection is a little overboard?

Thoughts?
Thanks,
Ted