VPN : AdvanceIPService router and Concentrator 3000 series

If talking only about VPN features, are there any difference between a router with advipservicesk9-mz and a 3000-series concentrator ? Is there any VPN protocol that one supports and the other does not ?

Thanks for your advice,

DT

Reply to
dt1649651
Loading thread data ...

Hi DT,

The 3000 series supports SSL VPN (what Cisco calls WebVPN) while the IOS stuff won't. Cisco also considers the 3000 series their most feature rich box for IPSec remote access VPNs. The fact that the 3000 supports SSL VPN now is a big enough selling point for me. It's nice to be able to do both on the same box.

Cheers, Spencer Teran

snipped-for-privacy@yahoo.com wrote:

Reply to
Spencer Teran

Actually, that's not true anymore. As of some 12.3(x)T, the IOS does, Also, the new ASA also supports SSL VPNs. However, in both the latter cases, the support is very minimal and the 3000 concentrator has more features. When it comes to site-to-site connections, though, I would stick with routers for scalability, using DMVPN. I'm working on a book with Cisco Press right now that goes into primarily IPSec, but also WebVPN, PPTP, and L2TP across of Cisco's most-used VPN platforms: concentrators, routers, and security appliances, as well as some hardware and software clients.

Cheers! Richard

Reply to
Richard Deal

I hope your book will be released soon. I am reading your book "Cisco Router Firewall Security" amd it really helps me.

DT

Reply to
dt1649651

Spencer, thanks for mentioning about SSL VPN or WebVPN. I just read an article from Cisco and you know, it addresses exactly the problem I just talked with my boss this morning : one some customers that need access to our server, their IT staff may refuse to install the VPN Client software.

I think I can ask for a Concentrator 3000 to solve this problem :-)

DT

Reply to
dt1649651

Could you please give more details on which features of SSL VPN have on the Concentrator but not on the IOS ?

I have a customer that already has a 2800-series router and do not know if the SSL VPN that supports on the newer IOS is good enough for them or whether they need to get a concentrator.

Thanks,

DT

Reply to
dt1649651

Hi Richard,

Thanks for the heads up. I was unaware that IOS had support for SSL VPNs. I'll have to try it out. In any case I've been very pleased with the 3000 series for both IPSec client-to-site and SSL. I most certainly agree that IOS and PIX both offer better support for site-to-site VPNs.

Cheers, Spencer Teran

Richard Deal wrote:

Reply to
Spencer Teran

One that comes to the top of my head is new in 4.7 of the 3000s; it supports an SSL java-based client that is downloaded from the 3000 to the user's desktop. Much more secure and much more control over user's access, including NAC. The IOS and ASA support is similar to what you would get on the concentrator in 4.1. But 4.7 adds quite a few new features that I think, for a medium-size deployment, makes it a no-brainer as to which to use. I would only use the router or ASA for a handful of SSL VPN users where IPSec isn't an option.

Hope that helps!

Cheers! Richard

Reply to
Richard Deal

Richard Deal wrote: [...]

Thanks, Richard. I just ordered a 3005. Will have a chance to try that nice feature.

DT

Reply to
dt1649651

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.