Have you looked at the Cisco 3000 series VPN concentrators? They are awesome! Very easy to setup and configure. Have an excellent client that currently supports Win95/98/ME/NT/2000/Linux and there is Mac support in beta now. It also has a hardware client (the 3002) if you need remote offices or home users with several machines. It will sit behind a Cable Modem or DSL and grab an IP and hand out DHCP (up to 254 addresses) inside. The 3000 series is also fully capable of creating site-to-site VPN connections with PIX and IOS routers as well as other 3000 series concentrators. They have 4 different models (I think) and the low end is very inexpensive. The top end scales to 10K concurrent connections and also fully supports VRRP for redundancy. If you want any more information just let me know! We have been using one for about 6 or 8 months and it has been perfect. The 3000 series also fully supports NAT, as it opens the packet up and looks at the actual IP address. Works great.
Tim ----- Original Message ----- From: "Brian Wilkins" To: Sent: Sunday, October 28, 2001 11:51 AM Subject: RE: VPN [7:24231] I've used a few variations of VPN products and here are some thoughts that might help. 1. Use something that supports "industry-standard" specs such as IPSEC, ISAKMP, etc. In the past I have primarily used Shiva (now Intel) which is REALLY easy to deploy and manage, but is also very proprietary. Now we are switching VPN solutions, and will be forced to redistribute client software (bummer). I believe Intel's new solution is headed more in the direction of industry standard specs, but may not quite be there yet. 2. Consider how your internal Internet connectivity is configured. If you are using NAT for your internal users to get to the Internet, and are going to try to run VPN through a NAT'd address, you have a problem. Industry standard VPN (IPSEC) uses TCP, and does not play well with NAT (because of the port # switching, etc). There is currently a big discussion underway about how to get around this problem, which they claim will be resolved soon. If your VPN solution uses UDP, such as Shiva does (or did until Intel dropped the product recently), you can get away with NAT because you are using UDP. There was a good article in last month's edition of "Information Security Magazine" that explained it much better than I could hope to. Anyway, hope that helps. Since my company is also looking into replacing our VPN solution, I'd be glad to work together with you and compare notes as we go along through the process. So drop me an email if you are interested. Best Of Luck, Brian Wilkins CNE / MCSE / CCNP khramov wrote: > > Does anyone have any recomendations on VPN producs? Links to > articles > and personal experience woudl be great. > As far as know Cisco VPN concentrators, Check Point, and Nokia > rules the > market. What is your opinion on that. > > Thanks, > Alex > > [GroupStudy.com removed an attachment of type text/x-vcard > which had a name of khramov.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24422&t=24231 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
