?

Log in

No account? Create an account

[icon] dynamic IPSEC solutions - Information Security
View:Recent Entries.
View:Archive.
View:Friends.
View:Profile.

Security:
Subject:dynamic IPSEC solutions
Time:11:09 am
Current Mood:curiouscurious
The CIO at my company recently approached me asking for ways to encrypt ALL data going out over our WAN/between our branch locations. We have recently migrated from a frame relay network to a Metro Ethernet/MPLS combo allowing our remote branches to communicate directly with each other, bypassing the corporate hub. I am looking for something that would allow me to dynamically create IPSEC tunnels between all of my locations on the WAN.

Cisco's DMVPN solution seems to fit what we want, but I'm wondering if anyone else offers a similar solution.


x-posted
comments: Leave a comment Previous Entry Share Next Entry


discogravy
Link:(Link)
Time:2007-04-12 03:36 am (UTC)
any kind of security/encryption on cisco equip tends to slow them down -- it's usually not a worry unless you're doing a bunch of other stuff on the same box, but if you have a star topo ("router on a stick" model) and yr 65xx is doing a lot of heavy lifting already, it could choke it good and hard.
(Reply) (Parent) (Thread)


cracnup
Link:(Link)
Time:2007-04-12 08:24 pm (UTC)
we're doing some routing and vlan management from the 6500, but I've never seen the cpu go higher than 3%. The IPSEC/encryption blade should offload all of the system overhead for that if we need it. From what I've heard/read, most of the Cisco gear will be able to handle a couple hundred tunnels before it starts to see much of a slow down.

I'm definitely going to try this out in a lab first. I appreciate the info!
(Reply) (Parent) (Thread)

[icon] dynamic IPSEC solutions - Information Security
View:Recent Entries.
View:Archive.
View:Friends.
View:Profile.