General discussion

  • #2295377

    Why do i need to go for VPN concentrator

    by kr_kirru ·

    Hi,

    I need to decide whether I should migrate to a VPN concentrator or stay with PIX for VPN setup.

    Can anyone advise regarding this and the additional features that I get when I opt for a concentrator?

All Comments

    • #2669450

      Reply To: Why do i need to go for VPN concentrator

      by joematus ·

      You’ll be offloading CPU processing from the PIX. VPN processing is very CPU intensive because every single packet has to be encrypted using a mathematical algorithm. If you have a lot of VPN users it can make a difference. You’ll need to check the CPU usage on your PIX to figure out if it will make a difference. If you have a lot of CPU idle time on your PIX, then maybe you don’t need a concentrator. But if you expect a lot of new VPN users, then maybe you’ll need it for future growth.

    • #2669433

      Reply To: Why do i need to go for VPN concentrator

      by kr_kirru ·

      Thanks a lot, joematus.

    • #2732677

      Reply To: Why do i need to go for VPN concentrator

      by gavin ·

      A VPN concentrator, aka VPN gateway, is dedicated to performing VPN connections (encrypt/decrypt, key exchange, etc.), so it comes with VPN accelerator hardware that could support more VPN throughput (or more VPN tunnels) compared to your PIX or any firewall with built-in VPN. If you have multiple VPN users, it is always best to have a VPN concentrator do the job and let your firewall perform security alone, or your firewall would cause a bottleneck in your network.

    • #2692174

      Reply To: Why do i need to go for VPN concentrator

      by dplewis ·

      The main limit with PIX is that, if you’re building site-to-site VPNs, you can’t have packets come in on, and then route back out of, the same interface. (For site-to-site VPNs use a concentrator or, more likely, IOS routers with IPSec featureset).
      Although the statements made about VPN encryption overhead are true, many PIX firewalls have (or can have added) a VPN hardware accelerator – this offloads the encryption/decryption process from the main CPU.

      I’d recommend a PIX for a simple remote access VPN, with relatively few users logging into a central network – it’s easy to tie the VPN connections in with your firewall rules. If you have an off-board concentrator this is more complicated (and costly).

      Regards,
      Paul
