I've moved from VPN to RDP for most remote folks. RDP reduces the bandwidth requirement and the hit to the router/firewall, is easier to manage, has fewer pieces to manage and mitigates to a large extent the user's internet connection speed/quality. I could go on. My $.02
Cheers.

________________________________
From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2008 1:30 PM
To: NT System Admin Issues
Subject: RE: VPN Client's vs. Hardware

I wouldn't so much worry about tying up the bandwidth with multiple software clients. At least, no more than a hardware client would. In other words, 2 software clients talking using separate clients will generate the same amount of traffic as two clients talking through a hardware client.

Also, keep in mind that NAT/PAT gateways can and do wreak havoc on IPSec VPNs. You can compound this problem when you have more than one VPN client initiating a tunnel from the *same* source global IP address to the *same* headend VPN device. Just food for thought...

From an efficiency standpoint, consider this:

Software Clients with Independent VPN tunnels = 6 to 8 SAs (4 IKE and 2-4 IPSec) on your ASA firewall assuming you only have 2 clients connecting simultaneously. The number(s) can grow exponentially the more software clients you add. Hence, you can expect CPU spikes on your firewall.

Hardware Client Alone = 2-4 SAs (2 IKE and 2 IPSec) on your ASA firewall with room to grow for several users.

I don't know how many tunnels your ASA handles, but for efficiency's sake (and best practice), I'd go with a hardware client.

HTH,
Aaron

________________________________
From: N Parr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2008 12:19 PM
To: NT System Admin Issues
Subject: VPN Client's vs. Hardware

We will be setting up a remote warehouse location with a couple workstations to start with. Initially I'm going to have them VPN to our ASA and then terminal back home. What I'm trying to figure out is if multiple VPN software clients eventually start using more overhead/bandwidth than a hardware VPN? And if so then at what point? Obviously hardware would be simpler for everyone involved but there's additional expense involved that I'd like to avoid as long as possible.
No matter how we do it the big bandwidth hit will be pushing print jobs back to the remote location. The connection will most likely be T-1 to the same ISP as our in house provider since the location is only a few miles away.

Thanks
Niles
