ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
WarrenSullivan
Member
Posts:
128
Joined:
Wed Jun 22, 2011 6:05 pm
Certs:
CCENT, CCNA, CCNP

Cisco 10gbps Vpn solution?

Mon May 14, 2012 3:14 am

Hey guys,
My workplace has approved a major upgrade of our network, I'm new in this role and I was shocked to see they have no security beside the isp's "guaranteed" security, so after putting a strong case forward we are good to go on a major upgrade, but I'm having trouble finding a cisco product that will have enough performance to encrypt at 10gbps....juniper have the 3600 which will do it, but trying to find a cisco product has so far been fruitless......
Any suggestions?
We will need 2 of them, one in each data centre (connected with 10gbps fibre) and 16 smaller ones for the nodes (not a problem)
Thoughts?

Sent from my Desire HD using Tapatalk 2

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: Cisco 10gbps Vpn solution?

Mon May 14, 2012 3:33 am

Why not use the Juniper?

WarrenSullivan
Member
Posts:
128
Joined:
Wed Jun 22, 2011 6:05 pm
Certs:
CCENT, CCNA, CCNP

Re: Cisco 10gbps Vpn solution?

Mon May 14, 2012 6:13 am

I have no experience with juniper unfortunately, I know the principles are the same, I just feel "better" with cisco, I already have to deal with HP switches, and I hate them lol buggy upgrades.....
Thanks guys


Sent from my Desire HD using Tapatalk 2

javentre
Post Whore
Posts:
1872
Joined:
Fri Jul 09, 2010 7:38 pm

Re: Cisco 10gbps Vpn solution?

Mon May 14, 2012 6:41 am

Do you need wire rate 10GE (full duplex) of crypto? If so, that's gonna be tough to accomplish in one box. 10GE (full duplex) is actually 20 gbps of crypto traffic. Knowing your traffic patterns is going to be important when sizing a box, 1 gbps of crypto with 64 byte frames is much different than with 1518 byte frames.

I would start looking at an ASR with an ESP-40.
http://networking.ventrefamily.com

User avatar
Dinger
Post Whore
Posts:
1397
Joined:
Fri Apr 25, 2008 2:16 pm
Certs:
CCNP, CCNA:Sec, MCSE

Re: Cisco 10gbps Vpn solution?

Mon May 14, 2012 8:24 am

Cisco makes 4 versions of ASAs will do that much VPN, but will set you back quite a bit...

http://www.cisco.com/en/US/products/ps6 ... tml#~tab-c
"A problem well stated is a problem half solved". (Charles Kettering)

User avatar
Halo
Post Whore
Posts:
1008
Joined:
Thu Oct 14, 2010 4:39 am
Certs:
CCNP (R&S, Security), ITILv3 Foundation

Re: Cisco 10gbps Vpn solution?

Mon May 14, 2012 8:33 am

Perhaps you're after something like this?

http://www.safenet-inc.com/products/dat ... ncryption/

WarrenSullivan
Member
Posts:
128
Joined:
Wed Jun 22, 2011 6:05 pm
Certs:
CCENT, CCNA, CCNP

Re: Cisco 10gbps Vpn solution?

Tue May 15, 2012 5:59 am

Thanks guys, currently getting a price on cisco and juniper solutions, will report back........

Sent from my Desire HD using Tapatalk 2

Otanx
Post Whore
Posts:
1142
Joined:
Wed Sep 01, 2010 3:37 pm
Certs:
CCNP, CEH

Re: Cisco 10gbps Vpn solution?

Tue May 15, 2012 9:19 am

Dinger wrote:Cisco makes 4 versions of ASAs will do that much VPN, but will set you back quite a bit...

http://www.cisco.com/en/US/products/ps6 ... tml#~tab-c



Maybe I am reading the table wrong, but the 5585x-SSP60 shows VPN at 5Gbps. None of those devices will do VPN at 10Gbps.

-Otanx
Stay networked, my friends.

WarrenSullivan
Member
Posts:
128
Joined:
Wed Jun 22, 2011 6:05 pm
Certs:
CCENT, CCNA, CCNP

Re: Cisco 10gbps Vpn solution?

Wed May 16, 2012 5:46 am

After talking to management and the server guys today, we've come to the agreement that San replication will not be encrypted, so we'll be fine with the asa, on a side note our HP core switches that we upgraded firmware last week....need to be downgraded, snmp not working properly, strange ospf multicasting errors.....hp hmmmmm ya killing me!

Sent from my Desire HD using Tapatalk 2

'

Return to Cisco Security

Who is online

Users browsing this forum: MSNbot Media and 8 guests