VPN vs Private Network

I work for a Carrier that deploys private networks (basically Private VLANS, brought back via T1s, SDSL, or Frame). My job as the Sales Engineer is to support our Sales Team and sell our private network solution against VPN solutions, ATM solutions, or Frame Relay solutions. I am really focusing on selling against VPN solutions and was wondering if anyone could point me in the right direction where I could obtain some collateral materials. I have done multiple searches in Google all relating to "vpn disadvantages" and have not come up with great results. I realize that VPN is a good solution, cost effective, secure, scalable, etc.... Any help would be appreciated!

TIA, Mike

Mike Begin

In article , Mike Begin wrote:
:I am really focusing on
:selling against VPN solutions and was wondering if anyone could point me in
:the right direction where I could obtain some collateral materials.

Your private network solution has a couple of advantages that come to mind:

- larger MTU -- indeed, with the right end-to-end equipment, you might be able to support the full normal Ethernet MTU. That could be quite important to some people, if their equipment does not support Path MTU Discovery and they have reasons for not lowering their per-host MTUs -- not having to fragment packets is important to some clients.

- Urrr, a different emphasis on the above: even where fragmenting packets to fit the effective VPN tunnel MTU does not lead to network problems, fragmenting over a VPN can be inefficient.

- Lower-end VPN devices often don't support Layer 2 tunnelling: your private-vlan solution should, allowing extended networks with a shared IP space. IPSec -requires- that network-extension mode be used only point to point: in a configuration in which you are accessing a "security gateway", you have to use the full proxy configuration.

- Your private-vlan solution should be able to handle non-IP traffic. L2TP should be able to do this too, but you have to look carefully to determine whether given VPN equipment will act as a L2TP client and server. For example, the PIX firewalls are fundamentally IP devices; carrying non-IP traffic such as IPX or AppleTalk or custom frames requires encapsulation before hitting the PIX.

And of course there are a couple of substantial advantages for management purposes:

- Your company takes care of all of the implementation details, so that your customers can concentrate on their core expertise. Particularly if you have multiple sites involved, setting up a VPN is not trivial... not if there is real security involved.

- Going private VPN instead of internet VPN means your clients do not need to put up a firewall for that connection (except to protect against internal traffic, which can be a serious concern) -- and, correspondingly, do not need to monitor the firewall logs and figure out what to -do- with the tens of megabytes a day of people hammering on their firewall.

Walter Roberson
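
Added example, not part of the original posts: a sketch of the MTU and fragmentation points in the reply above, showing how many packets and bytes a given inner packet costs once it crosses an IPsec tunnel. It assumes IPv4, ESP tunnel mode with AES-CBC and HMAC-SHA1-96, no NAT-T, a 1500-byte path, and a gateway that fragments before encrypting; these parameters and all function names are assumptions, not taken from the thread.

```python
# Added example (not from the thread). Assumed parameters: IPv4, ESP tunnel
# mode, AES-CBC (16-byte block and IV), HMAC-SHA1-96 (12-byte ICV), no NAT-T.
OUTER_IP = 20     # new outer IPv4 header, no options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
BLOCK, IV, ICV = 16, 16, 12

def esp_packet_size(inner_len):
    """Size on the wire of one inner packet after ESP tunnel encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // BLOCK) * BLOCK  # round up to block
    return OUTER_IP + ESP_HDR + IV + padded + ICV

def max_inner_mtu(link_mtu):
    """Largest inner packet whose encapsulated form still fits link_mtu."""
    room = link_mtu - OUTER_IP - ESP_HDR - IV - ICV
    return room // BLOCK * BLOCK - ESP_TRAILER

def fragment_ipv4(total_len, mtu, ihl=20):
    """Sizes (header included) of the IPv4 fragments of one packet."""
    if total_len <= mtu:
        return [total_len]
    per_frag = (mtu - ihl) // 8 * 8   # fragment offsets count 8-byte units
    payload, sizes = total_len - ihl, []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + ihl)
        payload -= chunk
    return sizes

def wire_cost(inner_len, link_mtu=1500):
    """(packets, bytes) sent when the gateway fragments before encrypting."""
    frags = fragment_ipv4(inner_len, max_inner_mtu(link_mtu))
    return len(frags), sum(esp_packet_size(f) for f in frags)

if __name__ == "__main__":
    for size in (576, 1400, 1438, 1500):
        pkts, total = wire_cost(size)
        print(f"{size}-byte packet -> {pkts} ESP packet(s), {total} bytes on the wire")
```

Under these assumptions a full 1500-byte packet becomes two ESP packets totalling 1648 bytes, while anything up to 1438 bytes still travels as one.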

Thank you very much Walter!

Mike


there are 2 common flavours of VPN - 1 based on internet and IPsec and the other on MPLS.

they have different sets of tradeoffs so you need to treat them separately.

mind you - your description could cover layer 2 MPLS.....

> I am really focusing on

cisco did a good white paper a while back on the difference between MPLS and IPsec, so maybe that would help? they do kit for both so should give a balanced view.

try looking at these:


stephen
