Security Basics mailing list archives
RE: VPN overkill?
From: "Ted A" <arcturous () hotmail com>
Date: Thu, 18 Nov 2004 18:11:52 +0000
All,

Thanks much for everyone's input. It was very helpful and educational in some instances. Just goes to show that pure technical knowledge cannot be accurately mis-used without proper management misguidance.

I'm sure there are managers here who will scoff at that. ;)

Thanks again.
Ted

From: "David Gillett" <gillettdavid () fhda edu>
Reply-To: <gillettdavid () fhda edu>
To: "'Ted A'" <arcturous () hotmail com>, <security-basics () securityfocus com>
Subject: RE: VPN overkill?
Date: Wed, 17 Nov 2004 08:55:28 -0800

While site-to-site VPNs like this handle a fair bit of bandwidth, they use a relatively small number of tunnels. Mostly, the places I've used concentrators have been either (a) for client-to-site deployments, with a large number of separate tunnels (mostly of fairly modest bandwidth), or (b) places where the encrypted bandwidth was so great that one or more hardware encryption processing modules were justified.

It doesn't sound likely that your situation meets either profile, so I'd expect the VPN capabilities included in many routers and firewalls should be adequate. You may be able to sell this on the basis of a pilot deployment using on-hand/low-cost gear, with a plan to upgrade when (if!) traffic demands warrant it (see b above).

David Gillett

> -----Original Message-----
> From: Ted A [mailto:arcturous () hotmail com]
> Sent: Tuesday, November 16, 2004 2:17 PM
> To: security-basics () securityfocus com
> Subject: VPN overkill?
>
> All,
> First off, good fun reading this list. Some really great advice and good
> thinkers on here. Thanks for the great questions and great answers.
>
> So here's my issue. I have an IT infrastructure manager who has raised a
> requirement I find myself questioning.
> We have a goal of connecting a remote office to a central office via a VPN.
> This manager insists that only acceptable way to accomplish this is by
> connecting 2 VPN concentrators. I debate this, noting that a PIX should be
> more than capable of handling this connection at the remote office and the
> only place the concentrator is needed is at the central office.
> Am I completely off my rocker, thinking that a second concentrator for a
> single connection is a little overboard?
>
> Thoughts?
> Thanks,
> Ted