Cisco VPNs

I am looking for a VPN solution with 1500 site-to-site connections.

The 3030 seems the obvious choice, but the PIX 515e with an accelerator card seems to fit the bill at less than half the price.

Any thoughts?

Michael Williams

How did you plan to manage the authentication?

Would user attributes be important? E.g., per-user or per-group ACLs? Downloadable ACLs?

Will the users be using you to proxy to the internet, or will you be doing split-tunneling for them, or will you be refusing them access to anything other than your internal resources while they are connected to you?

To what extent is "clientless" VPN (SSL) important to you?

Walter Roberson

Clientless VPN's not a requirement, nor is routing between sites. Only communication between the main site servers and the remote sites is a requirement. No external internet is required.

Authentication will be done through pre-shared keys, probably with a pix501 as endpoints. The separate management of these endpoints is not a requirement.

Michael Williams

In article , Michael Williams top-posted [now re-arranged]:

The documented limit for the PIX 515/515E is 2000 VPN peers. In practice this limit would probably depend greatly on throughput and memory use; and complexity of the ACLs (unless you use turbo ACLs, which use a fair bit of memory.)

The documented limit for a maxed-out 3030 Concentrator is 1500 VPN peers; if you are approaching 1500 then you may wish to go into the 3060.

Have you considered the Cisco ASA 5540 with VPN Plus? 2000 VPN peers and better packet inspection (e.g., anti-virus) than the PIX?

Sorry, I do not have any experience with the VPN Concentrator series -- nor any experience with 515E's pushed towards their peer limit.

Walter Roberson
