Cisco PIX and multiple VPN

Guest

Archived from groups: comp.security.firewalls

Hi Guys,

My company needs to implement multiple VPN channels. We have a Cisco PIX-515.
We have configured 2 VPN channels, but both are also terminated on PIX firewall
appliances.
The new need may address even up to 100 VPN connections.

My first doubt - is it possible to configure the PIX to support so many VPN
connections without configuring each one by one? A RADIUS server inside...
some kind of Easy VPN server...?

Second doubt - is it possible to configure those VPN channels from devices that
are not Cisco IOS routers, other PIXes or Cisco VPN clients, for example
small VPN routers from D-Link, Linksys, Arlotto, etc.? And authenticate
them automatically as mentioned in my first doubt - preshared key, digital
cert, RADIUS?

Thanks for any suggestions,
aslom
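A sketch of the configuration the first question asks about, added here as an illustration and not taken from any post in this thread: on a PIX running 6.3-era software, a single dynamic crypto map accepts peers whose addresses are not known in advance, and IKE extended authentication (xauth) hands each user's credentials to a RADIUS server, so peers do not need a crypto map entry each. Interface names, the RADIUS host, the address pool, group names and keys are placeholders chosen for the example.

```cisco
! Added example (not from the thread). PIX 6.3 syntax assumed; every address,
! name and key below is a placeholder.

! RADIUS server group consulted during IKE extended authentication (xauth)
aaa-server VPNRADIUS protocol radius
aaa-server VPNRADIUS (inside) host 10.1.1.20 <radius-shared-secret> timeout 5

! Address pool handed to remote-access clients
ip local pool VPNPOOL 192.168.200.1-192.168.200.254

! IKE phase 1: pre-shared key plus xauth. 3DES/SHA-1/DH group 2 were the
! usual choice for this hardware generation.
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! Wildcard key so peers at unknown addresses (third-party routers included)
! can negotiate. Because every peer presents the same key, the per-user
! RADIUS check configured below is what actually identifies a peer; a router
! that cannot do xauth would need the no-xauth option on its key, and then
! the shared key is its only authentication.
isakmp key <group-preshared-key> address 0.0.0.0 netmask 0.0.0.0

! IPsec phase 2 and the dynamic map: one entry covers all remote peers
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYNMAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDE_MAP client authentication VPNRADIUS
crypto map OUTSIDE_MAP client configuration address respond
crypto map OUTSIDE_MAP interface outside

! Group settings pushed to Cisco VPN clients (Easy VPN style)
vpngroup REMOTEUSERS address-pool VPNPOOL
vpngroup REMOTEUSERS idle-time 1800
vpngroup REMOTEUSERS password <group-preshared-key>

! Let traffic arriving inside an IPsec tunnel bypass the interface ACL check
sysopt connection permit-ipsec
```

Static LAN-to-LAN tunnels to peers with fixed addresses keep their own numbered crypto map entries; the dynamic entry only catches negotiations that match none of them, which is why it sits at the highest sequence number. Per-session accounting of who connected comes from the RADIUS server's logs rather than from the PIX.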
 

shadus


On 2005-09-27, aslom <aslom@paytel.nospa_m.pl> blabbed:
> My first doubt - is it possible to configure PIX to support so much VPN

Yes, we currently have the better part of 50 or so on a pix 515. The
cpu usage is currently sitting at about 15-30%. If you were going to
get into the 100 vpn range I'd suggest monitoring the traffic carefully
on the 515 and perhaps going up to a 525. It would depend on how heavy the
traffic load is going to be. Another thing you need to look into is a
failover configuration if you're getting into that many hosts and you
need any serious degree of reliability.
 
Guest

second question:

You should be able to connect to any other device that supports IPsec. Cisco to Linux and FreeBSD works just fine.
--
jbeasley@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
 

riser

Definitely use the RADIUS server; enhanced security with it.

Cisco = security by obscurity. Not so much, but it's not something everyone knows, making it harder to hack.
 

PlutoDelic

I'm not really a pro in this area, but shouldn't you use a VPN Concentrator for this?

I took some study in Cisco FNS; I remember that the 515 handles 100 connections maximum, so upgrading to a 525 could be your best choice.
 

riser

We're using our Concentrator which is the general way to go about it.

I'm familiar in general terms with Cisco, but I don't work hands-on with it and I didn't bother looking up his equipment to find out the setup.

With what he offered, I gave a potential solution.

I think it's Microsoft ISA server for security over the RADIUS these days.

But yeah, the concentrator would be the best route to go.