Firewall Wizards mailing list archives
Re: VPN Devices
From: acs <springer_0 () yahoo com>
Date: Fri, 31 Aug 2001 13:38:39 -0700 (PDT)
I have used all three of the devices I mentioned. I did not want to bad mouth Nortel. But to offset your glowing review. The troughput is not good compared to the others I mentioned. The things are low end pcs running VXworks. Your load is on the big model, yes? That thing costs. The client has clobberd many folks 98 machines IP stacks. The gui gets very tiresome for COs with large user bases, in fact it becomes so slow it is almost unusable. Nortel support leaves much to be desired. Getting the ipsec traffic out from where it is (behind firewalls often) is more and more difficult due to technology (NAT) and policy. We have a bunch of the big nortels and a growing number of the infoexpress servers. The infoexpress is not cheap or perfect but it is getting much more use. Getting out from behind NAT and proxies plus the linux, solaris, windows and mac clients are making it the winner. For speed, price and pure windows ipsec, netscreen beats Nortel. In fact, the client even does client to client tunnels. acs --- Patrick Darden <darden () armc org> wrote:
Nortel's Contivity Extranet Switches are fantastic. Great interoperability with other VPN devices, especially wrt IPSEC. Stable like a rock. Reliable. Excellent Client that has caused us No problems whatsoever. We are very happy in every way. Throughput is middle of the road. We have 3 T-1s so we are not pushing our switch at all. IPSEC 3DES Md5, 1000 simultaneous tunnels, 22 branch offices, 350 doctors, and miscellaneous other mobile employees. There are other great solutions out there, expecially if you want to roll your own, but I haven't run into any other packages so well thought out and that cause so little administrative overhead. -- --Patrick Darden Internetworking Manager -- 706.354.3312 darden () armc org -- Athens Regional Medical Center On Thu, 30 Aug 2001, acs wrote:Yes, They are decent. Up until recently they were oneofthe best options. IPsec, L2TP etc. Easy tomanagegui. Some theoretical redundancy, prettyscalable.Limited command line, costly, no unix clients. I would recommend that you look at netscreen.Commandline, gui and enterprise management. They arefastand are good as packet filters with VPN. Theyalsowork in layer 2 mode. I have only used them asPFsthough. If you need a VPN that can get out from behind NATandfirewalls look at infoexpress. You can get it out through proxies and NAT, it has solaris and linux clients. Server runs on a SUN machine. Clientsarecostly though. acs --- Randy Garbrick<randy.garbrick () gettyimages com>wrote:Does anyone have any experience with Nortel Contivity VPN devices? I am looking for reallifeinformation on throughput, ease of use,security,reliability, redundancy and scalability. Randy Garbrick Senior Internetworking Engineer Getty ImagesATTACHMENT part 2 application/octet-streamname=Randy Garbrick (E-mail).vcf __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instantmessaging with Yahoo! Messengerhttp://im.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
__________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: VPN Devices Patrick Darden (Sep 03)
- Re: VPN Devices acs (Sep 03)
- Re: VPN Devices Patrick Darden (Sep 05)
- Re: VPN Devices acs (Sep 03)