networking-forum.com
Community BlogCommunity Wiki * Register  * Search  * Login
View unanswered postsView active topics

Board index » Cisco Networking » Cisco Security

All times are UTC - 6 hours [ DST ]


Post new topic Reply to topic  Page 1 of 1
  [ 9 posts ] 
  Print view Previous topic | Next topic 
Author Message
WarrenSullivan
PostPosted: Mon May 14, 2012 3:14 am 
Offline
Member
Member

Joined: Wed Jun 22, 2011 6:05 pm
Posts: 128
Certs: CCENT, CCNA, CCNP
Hey guys,
My workplace has approved a major upgrade of our network, I'm new in this role and I was shocked to see they have no security beside the isp's "guaranteed" security, so after putting a strong case forward we are good to go on a major upgrade, but I'm having trouble finding a cisco product that will have enough performance to encrypt at 10gbps....juniper have the 3600 which will do it, but trying to find a cisco product has so far been fruitless......
Any suggestions?
We will need 2 of them, one in each data centre (connected with 10gbps fibre) and 16 smaller ones for the nodes (not a problem)
Thoughts?

Sent from my Desire HD using Tapatalk 2
Top
 Profile  
 
mellowd
PostPosted: Mon May 14, 2012 3:33 am 
Offline
CCIE #38070
CCIE #38070
User avatar

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12483
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
Why not use the Juniper?

_________________
www.mellowd.co.uk/ccie/
Top
 Profile  
 
WarrenSullivan
PostPosted: Mon May 14, 2012 6:13 am 
Offline
Member
Member

Joined: Wed Jun 22, 2011 6:05 pm
Posts: 128
Certs: CCENT, CCNA, CCNP
I have no experience with juniper unfortunately, I know the principles are the same, I just feel "better" with cisco, I already have to deal with HP switches, and I hate them lol buggy upgrades.....
Thanks guys


Sent from my Desire HD using Tapatalk 2
Top
 Profile  
 
javentre
PostPosted: Mon May 14, 2012 6:41 am 
Offline
Post Whore
Post Whore

Joined: Fri Jul 09, 2010 7:38 pm
Posts: 1802
Do you need wire rate 10GE (full duplex) of crypto? If so, that's gonna be tough to accomplish in one box. 10GE (full duplex) is actually 20 gbps of crypto traffic. Knowing your traffic patterns is going to be important when sizing a box, 1 gbps of crypto with 64 byte frames is much different than with 1518 byte frames.

I would start looking at an ASR with an ESP-40.

_________________
http://networking.ventrefamily.com
Top
 Profile  
 
Dinger
PostPosted: Mon May 14, 2012 8:24 am 
Offline
Post Whore
Post Whore
User avatar

Joined: Fri Apr 25, 2008 2:16 pm
Posts: 1375
Location: Jacksonville, FL
Certs: CCNP, CCNA:Sec, MCSE
Cisco makes 4 versions of ASAs will do that much VPN, but will set you back quite a bit...

http://www.cisco.com/en/US/products/ps6 ... tml#~tab-c

_________________
"A problem well stated is a problem half solved". (Charles Kettering)
Top
 Profile  
 
Halo
PostPosted: Mon May 14, 2012 8:33 am 
Offline
Post Whore
Post Whore
User avatar

Joined: Thu Oct 14, 2010 4:39 am
Posts: 1007
Certs: CCNP (R&S, Security), ITILv3 Foundation
Perhaps you're after something like this?

http://www.safenet-inc.com/products/dat ... ncryption/
Top
 Profile  
 
WarrenSullivan
PostPosted: Tue May 15, 2012 5:59 am 
Offline
Member
Member

Joined: Wed Jun 22, 2011 6:05 pm
Posts: 128
Certs: CCENT, CCNA, CCNP
Thanks guys, currently getting a price on cisco and juniper solutions, will report back........

Sent from my Desire HD using Tapatalk 2
Top
 Profile  
 
Otanx
PostPosted: Tue May 15, 2012 9:19 am 
Offline
Ultimate Member
Ultimate Member

Joined: Wed Sep 01, 2010 3:37 pm
Posts: 921
Location: Las Vegas, NV
Certs: Sec+, MCSE, MCITP:EA, CCNP
Dinger wrote:
Cisco makes 4 versions of ASAs will do that much VPN, but will set you back quite a bit...

http://www.cisco.com/en/US/products/ps6 ... tml#~tab-c



Maybe I am reading the table wrong, but the 5585x-SSP60 shows VPN at 5Gbps. None of those devices will do VPN at 10Gbps.

-Otanx
Top
 Profile  
 
WarrenSullivan
PostPosted: Wed May 16, 2012 5:46 am 
Offline
Member
Member

Joined: Wed Jun 22, 2011 6:05 pm
Posts: 128
Certs: CCENT, CCNA, CCNP
After talking to management and the server guys today, we've come to the agreement that San replication will not be encrypted, so we'll be fine with the asa, on a side note our HP core switches that we upgraded firmware last week....need to be downgraded, snmp not working properly, strange ospf multicasting errors.....hp hmmmmm ya killing me!

Sent from my Desire HD using Tapatalk 2
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 9 posts ] 

Board index » Cisco Networking » Cisco Security

All times are UTC - 6 hours [ DST ]

Who is online

Users browsing this forum: michoudi, tzmueller and 15 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group