Hello,

We would like to purchase a router to handle multiple (3)VPN tunnels using
IKE / IPSec.  Previously, we had used Netopia R9100s, but since they appear
to no longer be supported properly by Motorola, we've decided to look
elsewhere.  The two routers that we have our eyes on are the cisco 871 and
the 3Com 3036.  Does anyone have any specific recommendations on a router to
perform these tasks?

Thanks,

Aaron

[ Post a follow-up to this message ]

On Thu, 22 Mar 2007 10:12:08 -0700, "Aaron Gitlin"
<aaron@accent-networks.com> wrote:
>We would like to purchase a router to handle multiple (3)VPN tunnels using
>IKE / IPSec.  Previously, we had used Netopia R9100s, but since they appear
>to no longer be supported properly by Motorola, we've decided to look
>elsewhere.  The two routers that we have our eyes on are the cisco 871 and
>the 3Com 3036.  Does anyone have any specific recommendations on a router t
o
>perform these tasks?

Even though three tunnels is relatively small, it's worth thinking about
the maximum aggregate IPsec traffic rate that will be involved to ensure
that the solution will cope.  The encryption algorithm may make a
difference here, with AES/128 generally being the fastest and 3DES
generally the slowest (at least for software implementations; the situation
can be reversed for some systems with hardware acceleration that only
supports 3DES).

One additional product I'd consider is the Juniper NetScreen Firewall/VPN
device.  I've found the 5 series (e.g. 5GT) to be good low-end devices
(they have larger systems too, but I've never used them).

I've also used cisco routers, but not the 871 model.  However, it will use
Cisco IOS software which has just about all the features that you're likely
to need.

I can't comment on the 3Com, having never used it.

Beware that many of the low-end ADSL routers also offer IPsec, but the
functionallity is often very limited (e.g. no RSA authentication support,
problems with multiple tunnels Etc.).

Roy Hills

[ Post a follow-up to this message ]

"Aaron Gitlin" <aaron@accent-networks.com> writes:
>We would like to purchase a router to handle multiple (3)VPN tunnels using
>IKE / IPSec.  Previously, we had used Netopia R9100s, but since they appear
>to no longer be supported properly by Motorola, we've decided to look
>elsewhere.  The two routers that we have our eyes on are the cisco 871 and
>the 3Com 3036.  Does anyone have any specific recommendations on a router t
o
>perform these tasks?

You may want to look at enterprise level firewalls as well. Something
like a Juniper/Netscreen 5GT or a Fortigate F50A will give you alot
more options than the Netopia or a "router" product for about the same
price point (well, more like cisco pricing, or the Netopia new). Plus
both of these route if you need some sort of routing functionality at
this level (a lot better than the Netopia routed).

[ Post a follow-up to this message ]

Thanks for the input Doug and Roy!

I was referred to the NetScreen devices previous by a friend of mine; they
seem to be the right way to go.  My frustration with them was they appeared
to use the same licensing nonsense that SonicWall uses.  IMHO, it seems to
make the product more expensive than it should be.  The counter-point of
that being "you get what you pay for" ;)

I'll give Juniper a call and see what we can figure out.

Have a great weekend!





"Doug McIntyre" <merlyn@geeks.org> wrote in message
news:4602ff3f$0$36740$892e0abb@auth.newsreader.octanews.com...
> "Aaron Gitlin" <aaron@accent-networks.com> writes: 
>
> You may want to look at enterprise level firewalls as well. Something
> like a Juniper/Netscreen 5GT or a Fortigate F50A will give you alot
> more options than the Netopia or a "router" product for about the same
> price point (well, more like cisco pricing, or the Netopia new). Plus
> both of these route if you need some sort of routing functionality at
> this level (a lot better than the Netopia routed).
>
>

[ Post a follow-up to this message ]

"Aaron Gitlin" <aaron@accent-networks.com> writes:
>I was referred to the NetScreen devices previous by a friend of mine; they
>seem to be the right way to go.  My frustration with them was they appeared
>to use the same licensing nonsense that SonicWall uses.  IMHO, it seems to
>make the product more expensive than it should be.  The counter-point of
>that being "you get what you pay for" ;)


Their licensing is actually what pushes us to use more Fortigate devices.
They don't have the 10-workstation vs. unlimited license as an option
on the small-end boxes. The GUI is nicer on the Fortigate, although
the CLI is crappier. (not that the CLI on the Netscreen is all that
grand, but I get around it alot easier than Fortigate).

[ Post a follow-up to this message ]