There was some discussion of how much packet expansion
might be caused by IPsec in various modes (such as ESP tunnel
mode) some time ago. I don't think this is expected to be a large
increase, in percentage size, for "normal" packet size distributions,
as one is basically encapsulating the original packet. I don't
understand how one would lose 5/6 of the bandwidth (256 kbps
out of approx. 1.5 Mbps) while using IPsec. How does the Cisco
engineer explain this?
-paul
--On Friday, 24 March, 2000 12:48 -0600 "Dean A. Luethje"
<[EMAIL PROTECTED]> wrote:
> Hello all!
>
> Thank you for sharing your knowledge with those of us still new to these
> concepts.
>
> I need to set up secure remote communications between my outside sites
> and the NT 4.0 (sorry all of you who don't consider this a "real" os)
> LAN. I am using a Sonic Pro w/DMZ as my border firewall. The box is
> ok for protection but not for VPN. They do not pass GRE protocol 47 so
> M$ PPTP is not workable, and their ipSec implementation is buggy at
> best. I am considering replacing this box with a Cisco PIX 515. My
> concerns revolve around throughput. The Cisco network engineer that I am
> talking to is telling me that I will probably need a full T1 at both
> ends to see VPN throughput between 128 and 256 kbps. This seems to
> negate any cost advantage that a VPN can offer over a dedicated
> connection while bringing lots of reliability issues to the surface at
> the same time! This doesn't even take into account remote notebook users
> who are dialing in to a RAS server now. Under the throughput estimates
> given above, I may as well not even consider a VPN option for these
> users.
>
> I would be interested in any information regarding both ipSec and PPTP
> VPNs in "real-world" settings. Are they working for you and if so, do
> you find that they provide a cost-effective alternative to dial-up RAS
> for mobile users and/or dedicated circuits for remote offices?
>
> Thanks in advance for your help and insights!
>
>> Dean A. Luethje, SysAdmin
>> Bell Paper Box, Inc.
>>
>> "The opinions expressed are mine alone and do not constitute
>> company policy
>> or opinion."
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
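The packet expansion from ESP tunnel mode that the reply above discusses, worked through as an added example that is not part of the original thread. The cipher and authentication parameters (a 64-bit-block CBC cipher with an 8-byte IV and a 96-bit truncated HMAC), the packet mix and the 1536 kbps link rate are assumptions chosen for illustration.

```python
# Added example: byte overhead of IPv4 ESP tunnel mode (RFC 2406 layout).
# All parameter defaults and the packet mix below are assumptions.

OUTER_IPV4 = 20   # new outer IPv4 header, no options
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)


def esp_tunnel_size(inner_len, block=8, iv=8, icv=12):
    """Bytes on the wire for an inner IP packet of inner_len bytes.

    The inner packet plus the 2-byte trailer is padded up to a multiple
    of the cipher block size before the ICV is appended.
    """
    pad = -(inner_len + ESP_TRAILER) % block
    return OUTER_IPV4 + ESP_HEADER + iv + inner_len + pad + ESP_TRAILER + icv


def expansion_pct(inner_len, **params):
    """Size increase as a percentage of the original packet."""
    return 100.0 * (esp_tunnel_size(inner_len, **params) - inner_len) / inner_len


def goodput_kbps(link_kbps, mix, **params):
    """Inner-packet throughput when the link is filled with ESP packets.

    mix is a list of (inner_len, fraction_of_packets) pairs.
    """
    inner = sum(n * f for n, f in mix)
    outer = sum(esp_tunnel_size(n, **params) * f for n, f in mix)
    return link_kbps * inner / outer


# Constructed packet-size mix: small ACKs, mid-size and full-size packets.
SAMPLE_MIX = [(40, 0.4), (576, 0.2), (1500, 0.4)]

if __name__ == "__main__":
    for n, _ in SAMPLE_MIX:
        print(f"{n:5d} -> {esp_tunnel_size(n):5d} bytes  (+{expansion_pct(n):.1f}%)")
    print(f"goodput on 1536 kbps: {goodput_kbps(1536, SAMPLE_MIX):.0f} kbps")
```

This counts bytes on the wire only; it does not model fragmentation when the encapsulated packet exceeds the path MTU, or the encryption throughput of the device itself.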