Firewall Wizards mailing list archives
Re: Cisco IOS for Internet VPN
From: Misha <misha () insync net>
Date: Wed, 23 Jun 1999 22:38:47 -0500 (CDT)
We have been using IOS-based IPSec for several months now and it seems to work great. One of the first products that deployed IPSec was the 1720 and had some problems, which took several months to shake out, but since then it has been very stable.

IOS actually allows you to be more flexible with your crypto maps than most other IPSec devices I have seen, if you are comfortable with building access lists. Thinking of what will be involved in managing 10 or more sites, I am getting a little worried.

If you are going to run IPSec on your existing router you will have to make sure they have enough hardware to handle the load. The 1720 does about 512k with DES, but the older 2501's we had could barely squeeze out 128k. In any case, you will likely need a memory upgrade. If you need to encrypt more traffic than the 1720 can handle, you should look at the 7120 and 7140 units (I would have to double check the models), which should be able to handle up to 90 megabits (some day, when the additional hardware for them comes out).

If you want to use certificates, it may require some legwork. I know support for Entrust and Verisign is provided, but I have not seen anyone do it yet, and the details are very shifty.

If you needed a dedicated VPN appliance, I would probably go with Red Creek though.

Misha

On Wed, 23 Jun 1999, Ferguson, Linwood wrote:
> We have Gauntlet for our internet firewall, but a question came up the other day because of the location of a particular site and costs.
>
> How secure is Cisco IOS for connection to the internet purely to provide VPN tunneling to another one of our sites? Neither end would be permitted internet access through those routers, only access to the LANs on each side.
>
> I realize there are issues of reliability and performance with such an arrangement, but that's a tradeoff we can evaluate. I have never wanted to depend on a router for a "firewall", but this is a bit different.
>
> Comments?
>
> Linwood Ferguson