Re: VPN Devices

[acs <springer_0 () yahoo com>]

I have used all three of the devices I mentioned.

I did not want to bad mouth Nortel.  But to offset
your glowing review.

The troughput is not good compared to the others I
mentioned.  The things are low end pcs running
VXworks.
Your load is on the big model, yes?  That thing costs.

The client has clobberd many folks 98 machines IP
stacks.  The gui gets very tiresome for COs with large
user bases, in fact it becomes so slow it is almost
unusable.  Nortel support leaves much to be desired. 

Getting the ipsec traffic out from where it is (behind
firewalls often) is more and more difficult due to
technology (NAT) and policy.

We have a bunch of the big nortels and a growing
number of the infoexpress servers.  The infoexpress is
not cheap or perfect but it is getting much more use. 
Getting out from behind NAT and proxies plus the
linux,
solaris, windows and mac clients are making it the
winner.

For speed, price and pure windows ipsec, netscreen
beats Nortel.  In fact, the client even does client to
client tunnels.

acs


 


--- Patrick Darden <darden () armc org> wrote:
> Nortel's Contivity Extranet Switches are fantastic. 
> Great
> interoperability with other VPN devices, especially
> wrt IPSEC.  Stable
> like a rock.  Reliable.  Excellent Client that has
> caused us No problems
> whatsoever.  We are very happy in every way.
>
> Throughput is middle of the road.  We have 3 T-1s so
> we are not pushing
> our switch at all.  IPSEC 3DES Md5, 1000
> simultaneous tunnels, 22 branch
> offices, 350 doctors, and miscellaneous other mobile
> employees.
>
> There are other great solutions out there,
> expecially if you want to roll
> your own, but I haven't run into any other packages
> so well thought out
> and that cause so little administrative overhead.
>
>
> --
> --Patrick Darden                Internetworking
> Manager             
> --                              706.354.3312   
> darden () armc org
> --                              Athens Regional
> Medical Center
>
>
> On Thu, 30 Aug 2001, acs wrote:
>
> > Yes,
> >
> > They are decent.  Up until recently they were one
> of
> > the best options.  IPsec, L2TP etc.  Easy to
> manage
> > gui.  Some theoretical redundancy, pretty
> scalable. 
> > Limited command line, costly, no unix clients.
> >
> > I would recommend that you look at netscreen. 
> Command
> > line, gui and enterprise management.  They are
> fast
> > and are good as packet filters with VPN.  They
> also
> > work in layer 2 mode.  I have only used them as
> PFs
> > though.
> >
> > If you need a VPN that can get out from behind NAT
> and
> > firewalls look at infoexpress.  You can get it out
> > through proxies and NAT, it has solaris and linux
> > clients.  Server runs on a SUN machine.  Clients
> are
> > costly though.
> >
> > acs
> >
> >
> > --- Randy Garbrick
> <randy.garbrick () gettyimages com>
> > wrote:
> > > Does anyone have any experience with Nortel
> > > Contivity VPN devices?  I am looking for real
> life
> > > information on throughput, ease of use,
> security,
> > > reliability, redundancy and scalability.
> > >
> > > Randy Garbrick
> > > Senior Internetworking Engineer
> > > Getty Images
> >
> > > ATTACHMENT part 2 application/octet-stream
> > name=Randy Garbrick (E-mail).vcf
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email alerts & NEW webcam video instant
> messaging with Yahoo! Messenger
> > http://im.yahoo.com
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
> >




__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards