Nortel-Cisco, was: Re: VPN Solution (fwd)

Jim Collum collum at NETWORK-ALCHEMY.COM
Mon Dec 13 10:15:54 EST 1999


I've been reading the posts, but since I work for the company in their QA 
department, I've been quiet. I work for Network Alchemy, and we develop VPN 
gateways that use a clustering technology that allows for transparent 
failover between nodes (as well as being scalable). For more info, 
http://www.network-alchemy.com . I'd be happy to answer additional 
questions, but I'm a little hesitant to start a sales pitch (since this is 
a technical forum, not an opportunity for me to sell our product).

         Jim Collum
         Network Alchemy
         Santa Cruz, Ca.

At 08:22 AM 12/13/99 -0500, Golder, Fred wrote:

>Check out the Gartner Group report from 13 September entitled "The Remote 
>Access VPN Magic Quadrant Criteria for 2H99" if you want an independent 
>assessment of positioning in the market place.
>
>The sales info I was told by both companies 12/3/99 for # of users per box 
>is as follows.
>Product                      without hardware crypto   with hardware crypto
>Nortel 4500                  2000                      5500
>Cisco 7140 ("VPN router")    100                       700
>
>It should be noted that Cisco claims they can stack any number of routers 
>together and thereby handle any number of sessions.  I don't know if I 
>believe that or not.  Further, the salesman said if the router was also 
>routing, performance would be lower.
>
>Nortel can load balance between 2 boxes at once and IF you use failure 
>craftily you can get 8 boxes supporting your load at once.  It should also 
>be noted that Nortel hasn't yet released its crypto card so that number 
>is guesswork, albeit educated guesswork.
>
>-Fred Golder
>
>-----Original Message-----
>From: Tina Bird [mailto:tbird at KUSPY.PHSX.UKANS.EDU]
>Sent: Friday, December 10, 1999 4:08 PM
>To: VPN at SECURITYFOCUS.COM
>Subject: Re: Nortel-Cisco, was: Re: VPN Solution (fwd)
>
>Hi all,
>Let me react on a few points:
>-Unfortunately I don't know the Contivity product, but even if it was very
>well designed, if you have a software solution it is normally slower than
>the hardware solution, because the hardware solution uses a dedicated
>crypto-processor especially for asymmetric crypto.
>-For the VPN on the router, as it is implemented on IOS platform, we all know
>that they are security nightmares with many backdoors and bugs, (even if
>new products are better), so it is not the best solution (this is my point
>of view of course) in terms of security to implement a VPN only on Cisco
>routers!
>- We have tested some VPN products (both HW and software) in our company,
>and it is difficult to say that one product is better than the other,
>because it greatly depends on your requirements, but basically here are some
>points:
>1- hw or soft solution. It's a trade-off between flexibility and speed and
>security: normally hw should be faster and secure, and soft solutions might
>suffer from the platform security (how the OS is or can be hardened) and
>limitation (processor speed, memory capacity, etc.). On the opposite, soft
>solutions are more flexible especially if you have special needs, or if you
>want to interact with other VPN products. Concerning the costs, HW are
>generally more expensive than soft solutions but if for your soft
>installation you have to buy a machine like a SUN, then costs become more or
>less the same...
>2- The product shall be fully IPSEC compatible to ensure you the possibility
>to work with other IPSEC products. IPSEC leaves open many options (concerning
>the algo, concerning the mode), the more options the product has the more
>chances you will have for an integration with another IPSEC product.
>3- Is it possible to make a central management of your VPN system? Remember
>that easy and understandable management leads to better security. You have
>to test this!!!
>4- Finally, if you work with certificates, you will have to look closely at
>how they provide the possibility to generate certificates, to download them to
>the right place and to verify them. Investigate also the possibility to
>import third party certificates. X.509 is a standard for certificate format,
>however if one product accepts an X.509 certificate it doesn't mean that it
>will accept all other X.509 compatible certificates.
>
>Concerning US IPSEC products. We know that we have a large choice of VPN
>products that are not US products. Because of the US export law
>restrictions, when we (in our company) have to look for an IPSEC product, it
>is very very seldom that we are interested in US products!! And the new text
>proposed for the modification of this law article won't change anything!!
>
>Cheers
>
>
>Azim Ferchichi
>___________________
>CIT-CT-TPM
>IT security and Smart-cards
>Swisscom AG
>CH-3050 BERN
>Phone: +41 31 342 09 22
>Mobile: +41 79 301 55 56
>Fax:      +41 31 342 00 08
>______________________
>
> > ----------
> > From:         Chris Carlson[SMTP:carlsonmail at yahoo.com]
> > Sent:         Friday, 3 December 1999 18:27
> > To:   Noam Gruber; eyeque-india at telebot.net
> > Cc:   vpn at listserv.secnetgroup.com
> > Subject:      Nortel-Cisco, was: Re: VPN Solution
> >
> >
> > --- Noam Gruber <noam.gruber at radguard.com> wrote:
> > ...
> > > The Cisco and Nortel VPNs are somewhat problematic,
> > > because they are
> > > based on router platforms which weren't built for
> > > security. As such they
> > > have security and low performance problems.
> > ...
> >
> >
> > Noam is grossly incorrect in his statement regarding
> > the Nortel Contivity platform.
> >
> > The Contivity, which Nortel bought from New Oak
> > Communications, uses a real-time OS for Intel written
> > by Wind River.  This real-time OS is extremely small,
> > efficient, with custom routing and IPSec drivers
> > written specifically for the VPN application.  It is
> > *NOT* based on the Bay Network router line.
> >
> > In fact, the Tolly Group did a performance bake-off
> > between the Contivity 4000 and Cisco 7200 router.  The
> > Contivity blew its doors off.  Noam is correct
> > regarding the Cisco VPN boxes -- they are IOS routers
> > with VPN code, but hardly bad products.
> >
> > As always, carefully research and test any product
> > before implementing it into your environment.  Note
> > that Noam's email is from "radguard.com", a VPN
> > vendor.  As such, take his alleged "statements of
> > fact" with a grain of salt with regard to competing
> > products...
> >
> > Regards,
> > Chris
>
>VPN is sponsored by SecurityFocus.COM
