Cisco VPN AIM: is really needed for me?
 




Forum Index -> comp.dcom.sys.cisco
Elia Spadoni
Guest

Posted: Sun Mar 02, 2008 5:10 am    Post subject: Cisco VPN AIM: is really needed for me?

Hello

according to this document:
http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/kaos_ds.pdf


I have two networks:

SITE A:

C2650 32F/128D
IOS 12.4(17a) ADV SECURITY
network link1 : shdsl (wic-SHDSL) (4096/4096 - MCR 200kbps)
network link2 - backup: adsl (WIC-ADSL) (2048/512 - MCR 200kbps)
int fast0/0 integrated: public /29 range for my servers
int fast0/1 (NM1FETX) : private lan 192.168.0.*



SITE B:

actually:
C2611 16F/64D
IOS 12.3(24) IP FRW PLUS 3DES
network link1: adsl (WIC-ADSL) 640/256 (MCR 200kbps)
eth0/0: private lan
eth0/1: public /29 range for my servers


I would like to establish a VPN tunnel from site A to site B:

I would like to establish the tunnel from the site A (using network link 2)
to the site B:

I am not sure if I will use 3DES 168 or AES. I would like to offload the vpn
encryption work from the cpu of the router, using an AIM VPN Module to do
the job.
At site A I could use an AIM-VPN/BP or an AIM-VPN/EP on the C2650; on the
2611 at site B I could use an AIM-VPN/BP.

Both cards perform 3DES encryption in hardware.

------------------
I am now thinking that I could use a C2621XM (48F/256D) as core router for
site A, thus enabling the use of the AIM-VPN/BPII, which also supports the
AES algorithm in hardware.

What do you suggest to use, 3DES or AES?
I would like to offload all I can on AIM hardware, to free up the cpu power.
I could achieve that using the 3DES on the tunnel.

Since I am paranoid about security, I could replace the 2650 at site A with
the 2621XM (reducing global pps but enabling the use of the AIM which
supports AES); at site B I could replace the 2611 (dual ethernet) with
the C2650 from site A (integrated fasteth + fasteth on NM).

What do you suggest?

Please note that I would like to have a secure tunnel just to link the two
networks: no file sharing, no netbios in it, just some RDP, ssh connections
and SNMP traffic; I just use that to access site A from B and vice-versa for
remote administration.

Thank you for your answers.

Mr. Spadoni
Network Administrator



