Ang: RE: [VPN] Question for site to site VPN

hakan.palm at generic.se hakan.palm at generic.se
Mon Mar 24 13:05:25 EST 2003 

Cisco routers are generally better for site to site VPN, but in my
experience the VPN 3000 Concentrator is really nice as well...
It is really hard to beat when it comes to regular remote access
VPNs.

With a VPN 3000 Concentrator you can do some really nifty
stuff with policy routing on the LAN behind the concentrator to
ensure that the different customers are separated.

HTH,
/Palm




	roger.qian at sholodge.com
2003-03-24 18:39
		
	Till:	djdawso at qwest.com @ INTERNET, vpn at lists.shmoo.com @ INTERNET
	Kopia:	(Blank: Hakan Palm/Generic)
	Ärende:	RE: [VPN] Question for site to site VPN

Thank you Dana, if not using PIX, what Cisco device is better for the site
to site VPN, router or concentrator? Can all customers share a same IP
address pool?
Roger

-----Original Message-----
From: Dana J. Dawson [mailto:djdawso at qwest.com]
Sent: Friday, March 21, 2003 5:24 PM
To: vpn at lists.shmoo.com
Subject: Re: [VPN] Question for site to site VPN


Since you have to use access-lists as part of the VPN configuration to define all the hosts and/or networks at each end of each tunnel, if you configure all the VPN tunnels with the database server as the only local host, then it will do what you want.  The PIX should be fine for this, assuming you don't otherwise exceed its VPN capacity.

HTH

Dana

-- Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."



Roger Qian wrote:
> Hi All,
> > We're a hotel service provider. If we setup a site to site VPN system with
> our customers how to keep the privacy for each customer on the VPN system.
> We only need each customer to talk to a database server in our end only
and
> no talk between any customers.  We have a existing PIX 515UR firewall, do
we
> need to buy a dedicated Cisco device to act as a VPN gateway?
> > Thanks in advance.
> > Roger
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
> > _______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn

More information about the VPN mailing list