[VPN] Nokia Crypto Cluster 500 VPN appliance
Joel Snyder
Joel.Snyder at Opus1.COM
Fri Mar 7 22:20:51 EST 2003
Jennifer Cronin wrote:
> Is this new or old? I have never heard of it before and want to know
> what
> you think of it if you use it.
The Nokia Cryptocluster series was a high availability, high
performance, clusterable VPN solution that Nokia produced for about 2
years; you may also see it called "Network Alchemy," the name of the
company that Nokia acquired.
Although the boxes are old, they are highly functional and manageable in
a site-to-site environment. Nokia gave away the VPN Policy Manager to
control the systems, and it was one of the first GUIs to actually deal
with full-mesh and hub-and-spoke VPNs effectively. For site-to-site
VPNs, they are basically state-of-the-art even today and should give
solid performance.
For remote access, the Cryptocluster series never really met the bar set
by products such as the Cisco 3000 (Altiga), Checkpoint Firewall-1,
Netscreen, or Avaya. Nokia developed a policy management and
distribution tool, but never got it to market.
The CC500 in single-node configuration will give you about 5Mbps
3DES/SHA1 encryption and closer to 11 Mbps doing AES. It tends to scale
linearly.
If I were building a site-to-site VPN today, and I didn't need firewall
capabilities or remote access features for more than a small number
(<500) users, I'd consider the Cryptocluster series a pretty good
chohice. If you need firewall or large scale remote access, it's
probably better to pick a different platform.
Nokia built thousands of them, so they're often readily available on
eBay at very competitive prices.
We have a cluster of CC2500s (a bigger brother to the CC500s) in
production use at our site for VPN functionality, with two remote sites
protected by CC500 clusters, and I don't have any immediate plans to
pull them out. They're working very nicely.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
More information about the VPN
mailing list