cisco4ng wrote:
> Hi there,
>
> If you are looking at 500 site-to-site VPNs, I would highly recommend that
> you go
> with Cisco VXR7206 router. With Cisco devices, you can terminate a lot of
> site-to-site
> VPNs. Furthermore, if you have requirements to run dynamic routing
> protocols over
> IPSec tunnel, Cisco is a better prefer choice than Nokia/Checkpoint. I
> currently have
> a customer running 450 site-to-site VPNs on a Cisco VXR7206 router with IOS
> version
> 12.3T. The VXR7206 router is the hub device and it is pushing about
> 250Mbps of
> AES-256/SHA-1/DH2 traffics and it is also running OSPF via GRE and
> encrypted with
> IPSec.
72006vxr NPE-G1 dies at about 80-90Mbps of IPSEC with 3DES encryption.
>
> I think NGx supports Virtual Tunnel Interface which is similar to cisco GRE
> but I've
> never used it so I can not comment on it. Checkpoint is a good product but
> I think
> with that many site-to-site VPNs, Cisco is a better solution. Notice that
> I didn't
> recommend to use Cisco Pix/ASA either. Generally speaking, Firewall is not
> a high
> performance VPN product. Neither Cisco Pix and Checkpoint firewall can
> provide
> the VPN flexibility that Cisco router does.
>
if you have a _lot_ of money to spend go with a nokia 1260 or 2200.
otherwise, buy a hp dl385, put splat on it, two cpus, 2GB of ram,
activate performance pack and you're set to go.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
