Cisco VPN AIM: is it really needed for me?



Hello

According to this document:
http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/kaos_ds.pdf


I have two networks:

SITE A:

C2650 32F/128D
IOS 12.4(17a) ADV SECURITY
network link1 : shdsl (wic-SHDSL) (4096/4096 - MCR 200kbps)
network link2 - backup: adsl (WIC-ADSL) (2048/512 - MCR 200kbps)
int fast0/0 integrated: public /29 range for my servers
int fast0/1 (NM1FETX) : private lan 192.168.0.*



SITE B:

actually:
C2611 16F/64D
IOS 12.3(24) IP FRW PLUS 3DES
network link1: adsl (WIC-ADSL) 640/256 (MCR 200kbps)
eth0/0: private lan
eth0/1: public /29 range for my servers


I would like to establish a VPN Tunnel from site A to site B:

I would like to establish the tunnel from the site A (using network link 2)
to the site B:

I am not sure if I will use 3DES 168 or AES. I would like to offload the vpn
encryption work from the cpu of the router, using an AIM VPN Module to do
the job.
In the SITE A I could use on the C2650 an AIM-VPN/BP or an AIM-VPN/EP; on the
2611 on the site B I could use an AIM-VPN/BP.

Both cards encrypt the 3DES algorithm via hardware.

------------------
I now am thinking that I could use a C2621XM (48F/256D) as core router for
the site A, thus enabling the use of AIM-VPN/BPII that also supports via
hardware the AES algorithm.

What do you suggest to use, 3DES or AES?
I would like to offload all I can on AIM hardware, to free up the cpu power.
I could achieve that using the 3DES on the tunnel.

Since I am paranoid for security, I could replace on site A the 2650 with
the 2621XM (reducing global pps but enabling the use of the AIM which
supports AES); on the site B I could replace the 2611 (dual ethernet) with
the C2650 from the site A (integrated fasteth + fasteth on NM).

What do you suggest?

Please note that I would like to have a secure tunnel just to link the two
networks: no file sharing, no netbios in it, just some RDP, ssh connections
and SNMP traffic; I just use that to access site A from B and vice-versa for
remote administration.

Thank you for your answers.

Mr. Spadoni
Network Administrator




Thank you

