It depends upon what you mean by "VPN".
The term VPN has become overhyped to the point where we find ourselves in a
dilemma along the lines of the Supreme Court vis-a-vis pornography in the
70's. We all know what it is, but we just don't know how to define it. :->
In my estimation, at its very basic, a VPN is a network that uses the
public internet as transport. I put my servers here and my workstations
there and everyone gets to systems and services via the internet.
In my estimation, security is a separate issue, and should remain so for the
following reason. If one defines a VPN as a "secure way of using the
internet to transport private traffic" then one has determined that the
solution is secure without further evaluation.
Ways of securing traffic across the internet:
1) Compression. If the data portion of a packet is compressed, then one who has
intercepted that traffic must recognize that it is compressed and then
uncompress it with the correct algorithm. Not that there are a lot of
choices.
2) GRE tunnel. Again, anyone who intercepts traffic must recognize that this
is GRE encapsulated, and must reverse the process.
3) L2TP etc
4) IPSec / 56 DES must recognize as IPSec traffic ( easily done - IP
protocol # 50 or 51 in the IP header ), but then must know the underlying
level of encryption, and then decrypt. Somewhat easily done by brute force
using current standard desktop computers. Estimated 10-12 hours using
today's high end equipment.
5) IPSec /128 DES etc but the likelihood of brute force cracking of the key
is such that it would take 100 years or so using current high end computer
equipment.
6) Etc
As to whether or not a 2500 can do any of these things, the answer is yes,
given the appropriate IOS feature set.
As to whether or not you WANT to use a 2500 to do any of these things, that
will depend upon amount of traffic, number of connections, type of security
you are using, size of pipe you are using ( yes there are issues with
bandwidth available on an IPSec interface. And bigger is not necessarily
better here ).
FWIW, I talk to customers regularly about this. Many people want to
"leverage their existing Cisco equipment" to do VPN's. I try to educate them
on the relative merits of attempting to use those old 2501's, placing
encryptor cards in higher end equipment, or going with a new dedicated VPN
tunnel box, such as CVPN, Checkpoint, or VPNet.
In a lab setting, the 2501 is fine. In a production setting, just be aware
of the limitations.
HTH
Chuck
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, August 19, 2000 2:11 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Cisco 2500 router for VPN
Can you set up a VPN on a Cisco 2500 series router with the right IOS
level?
like the 1720 or 1750?
Brian
Email Address [EMAIL PROTECTED]
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
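
Added example, not part of the original thread: a small classifier showing how the encapsulations listed in the reply are identified from the cleartext IPv4 header alone, which is why recognizing the tunnel type is the easy step. The sample packets are constructed; the GRE protocol number (47) and the L2TP UDP port (1701) are IANA-assigned values that do not appear in the post.

```python
import struct

# 50 and 51 are the IP protocol numbers quoted in the post; 47 (GRE), 17 (UDP)
# and UDP port 1701 (L2TP) are IANA-assigned values added for this example.
TUNNEL_PROTOCOLS = {47: "GRE", 50: "IPsec ESP", 51: "IPsec AH"}
UDP, L2TP_PORT = 17, 1701


def classify_ipv4(packet: bytes) -> str:
    """Name the tunnel type visible in the unencrypted IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version_ihl, proto = packet[0], packet[9]
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    # IHL counts 32-bit words; options push the payload past byte 20.
    header_len = (version_ihl & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("invalid IPv4 header length")
    if proto in TUNNEL_PROTOCOLS:
        return TUNNEL_PROTOCOLS[proto]
    if proto == UDP and len(packet) >= header_len + 4:
        sport, dport = struct.unpack_from("!HH", packet, header_len)
        if L2TP_PORT in (sport, dport):
            return "L2TP"
    return "other"


def build_ipv4(proto: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Build a constructed sample packet (checksum left at zero,
    addresses taken from the documentation ranges)."""
    ihl = 5 + len(options) // 4
    header = struct.pack(
        "!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
        0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload


if __name__ == "__main__":
    l2tp_udp = struct.pack("!HHHH", 1701, 1701, 8, 0)  # constructed UDP header
    samples = {"esp": build_ipv4(50, bytes(16)), "ah": build_ipv4(51, bytes(16)),
               "gre": build_ipv4(47, bytes(8)), "l2tp": build_ipv4(UDP, l2tp_udp),
               "tcp": build_ipv4(6, bytes(20))}
    for name, pkt in samples.items():
        print(f"{name:5s} -> {classify_ipv4(pkt)}")
```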