Router Recommendations

Hello,

We would like to purchase a router to handle multiple (3) VPN tunnels using IKE / IPSec. Previously, we had used Netopia R9100s, but since they appear to no longer be supported properly by Motorola, we've decided to look elsewhere. The two routers that we have our eyes on are the Cisco 871 and the 3Com 3036. Does anyone have any specific recommendations on a router to perform these tasks?

Thanks,

Aaron

Aaron Gitlin

Even though three tunnels is relatively small, it's worth thinking about the maximum aggregate IPsec traffic rate that will be involved to ensure that the solution will cope. The encryption algorithm may make a difference here, with AES/128 generally being the fastest and 3DES generally the slowest (at least for software implementations; the situation can be reversed for some systems with hardware acceleration that only supports 3DES).

One additional product I'd consider is the Juniper NetScreen Firewall/VPN device. I've found the 5 series (e.g. 5GT) to be good low-end devices (they have larger systems too, but I've never used them).

I've also used Cisco routers, but not the 871 model. However, it will use Cisco IOS software which has just about all the features that you're likely to need.

I can't comment on the 3Com, having never used it.

Beware that many of the low-end ADSL routers also offer IPsec, but the functionality is often very limited (e.g. no RSA authentication support, problems with multiple tunnels, etc.).

Roy Hills

Roy Hills

You may want to look at enterprise-level firewalls as well. Something like a Juniper/Netscreen 5GT or a Fortigate F50A will give you a lot more options than the Netopia or a "router" product for about the same price point (well, more like Cisco pricing, or the Netopia new). Plus both of these route if you need some sort of routing functionality at this level (a lot better than the Netopia routed).

Doug McIntyre

Thanks for the input Doug and Roy!

I was referred to the NetScreen devices previously by a friend of mine; they seem to be the right way to go. My frustration with them was they appeared to use the same licensing nonsense that SonicWall uses. IMHO, it seems to make the product more expensive than it should be. The counter-point of that being "you get what you pay for" ;)

I'll give Juniper a call and see what we can figure out.

Have a great weekend!

Aaron Gitlin

Their licensing is actually what pushes us to use more Fortigate devices. They don't have the 10-workstation vs. unlimited license as an option on the small-end boxes. The GUI is nicer on the Fortigate, although the CLI is crappier. (Not that the CLI on the Netscreen is all that grand, but I get around it a lot easier than Fortigate.)

Doug McIntyre
