IMHO the best place to do VPN termination is on a VPN Concentrator, but there is obviously a not-too-insignificant cost involved there. In fact, to then do that right you would need another FW ... or atleast a FW with multiple interfaces to route the VPN traffic through .
When possible, according to Layer 8 , I always try to make each box do what it is really good at - i.e., routers route and firewalls block. Given that this is not always an option, a router based 3DES VPN works fine ... but requires a couple of upgrades to support . Barring any of those, there is always the option of stepping outside of Cisco products - but we don't like to talk about that Thanks! TJ >>> "Brian Zeitz" 02/07/02 10:38AM >>> I have been looking at routers/firewalls. I am thinking of going with the 2611 with a ADSL card, I also want to get a 515. Our office is not that big yet, but I want to plan for the future. I see that the Pix 515R only does DES, but doesn't do 3DES. But when I buy the router, I can get it with 3DES. I am just kinda confused, where is the best place to use 3DES, on the firewall, or on the router? Or it doesn't matter. The way I see it, if I wanted to do 3DES on the firewall with the 515, I would have to buy the 515UR, which is about 10K. I don't really need the thoughput for 100,000 users just yet though. Any suggestions on this? Thanks in advance... Brian Zee MCSE, CCNA, A+ ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34774&t=34754 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
