according to this document:
I have two networks:
C2650 32F/128D IOS 12.4(17a) ADV SECURITY
network link1: shdsl (wic-SHDSL) (4096/4096 - MCR 200kbps)
network link2 - backup: adsl (WIC-ADSL) (2048/512 - MCR 200kbps)
int fast0/0 integrated: public /29 range for my servers
int fast0/1 (NM1FETX): private lan 192.168.0.*

actually:
C2611 16F/64D IOS 12.3(24) IP FRW PLUS 3DES
network link1: adsl (WIC-ADSL) 640/256 (MCR 200kbps)
eth0/0: private lan
eth0/1: public /29 range for my servers
I would like to establish a VPN tunnel from site A to site B:
I would like to establish the tunnel from the site A (using network link 2) to the site B:
I am not sure if I will use 3DES 168 or AES. I would like to offload the VPN encryption work from the CPU of the router, using an AIM VPN module to do the job. At site A I could use an AIM-VPN/BP or an AIM-VPN/EP on the C2650; on the 2611 at site B I could use an AIM-VPN/BP.
Both cards encrypt via Hardware the 3DES algorithm.
------------------

I am now thinking that I could use a C2621XM (48F/256D) as core router for site A, thus enabling the use of the AIM-VPN/BPII, which also supports the AES algorithm in hardware.
What do you suggest to use, 3DES or AES? I would like to offload all I can on AIM hardware, to free up the cpu power. I could achieve that using the 3DES on the tunnel.
Since I am paranoid about security, I could replace the 2650 on site A with the 2621XM (reducing global pps but enabling the use of the AIM which supports AES); on site B I could replace the 2611 (dual ethernet) with the C2650 from site A (integrated fasteth + fasteth on NM).
What do you suggest?
Please note that I would like to have a secure tunnel just to link the two networks: no file sharing, no netbios in it, just some RDP, ssh connections and SNMP traffic; I just use that to access site A from B and vice-versa for remote administration.
Thank you for your answers.
Mr. Spadoni Network Administrator