Archived from groups: comp.dcom.vpn
<t_pascal@my-deja.com> wrote in message
news:1110213132.898037.282260@z14g2000cwz.googlegroups.com...
>
> Gerbil wrote:
> > Folks :-
> > I've been asked to identify an ADSL router (available in the UK) that
> > can support seven VPN (L2TP / IPSec) connections from seven different
> > computers in a worst case situation. I think that means the router
> > would have to support seven VPN pass-through connections - I think the
> > Draytek Vigor 2600 plus range would do the trick, is my suspicion
> > correct and is there anything else out there?
> >
> If you are talking about a simple NAT router, you will need to use UDP
> encapsulation. It is unlikely that you will be able to change 7
> configurations to make it work.
this assumes that VPN sessions are passed through the router to VPN clients
running on multiple PCs - if that is what you want, then TCP encap would also
work - with TCP the NAT router should have no problem distinguishing between
the sessions.
> The other option is to terminate the
> VPNs at the router. Cisco 5xx PIX or 3xxx concentrators are obvious,
> but there are many others.
or - a Cisco router? there are lots of different suitable models, some with
ADSL built in, and all the smaller units can take an ADSL interface
directly. Routers tend to be more flexible than firewalls, and cheaper than
the VPN servers.
Having said that Cisco is professional gear, so the price is higher, and
there is an implicit assumption that someone who knows the kit will pick
the right box for the job and configure it.
The router choice would depend on required throughput and other features.
837 is the smallest one I know of - the datasheet talks about 5 simultaneous
tunnels to remote VPN clients:
http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a008010e5c5.html
next one up would be a 1721, or an 1841
if you need it, a few thousand simultaneous tunnels on 1 router is possible,
but a bit more expensive.
>
> What isn't clear is whether the Cisco will have an ADSL interface. You
> will want to get a simple ADSL-ethernet bridge to terminate the ADSL
> and provide regular ethernet so that your choice of equipment is
> limitless.
I would go for a built in ADSL interface so that the router can give you
info on the ADSL link
>
> > PS I have suggested in such a situation the performance will stink,
> > but that doesn't seem to bother the powers that be....
modern routers can have built-in hardware encryption - (the new Cisco ISR
routers come with encryption for 2 Mbps or more built in). these days
performance is more of a spec / link bandwidth / money issue than an
impossibility.
>
> >
> Register your objection and then humbly continue doing the good work
> that you do everyday. When they complain about the performance, have
> an alternate plan available with a business-justified cost.
>
--
Regards
Stephen Hope - return address needs fewer xxs