f



Comparing Cisco VPN concentrator and a Cisco 2800 router with SDM

Hi!

I am thinking about buying something that will handle a lot of vpn
tunnels and my cisco connection said that instead of bying a 3020
Concentrator I should buy a 2800 router with a vpn accelerator card. He
said that it would be both cheaper and faster that the 3020. How do the
2800 router compare to the 3020 concentrator? Is it alot more difficult
to administer? Any difference in licensing? 

/Bq

0
balroq (1)
5/10/2005 2:08:30 PM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

3 Replies
560 Views

Similar Articles

[PageSpeed] 10

In article <1115734110.285875.224790@o13g2000cwo.googlegroups.com>,
 <balroq@gmail.com> wrote:
:I am thinking about buying something that will handle a lot of vpn
:tunnels and my cisco connection said that instead of bying a 3020
:Concentrator I should buy a 2800 router with a vpn accelerator card.

Your Cisco connection is a bit off. The 2800 series all have built
in hardware VPN accelaration, with no VPN accelerator card available.

:He
:said that it would be both cheaper and faster that the 3020. How do the
:2800 router compare to the 3020 concentrator?

The 2800 series vary a fair bit in performance.

http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf

The range is from 90K pps to 220K pps (46 Mbps to 112 Mbps).
These figures are considerably lower than some other figures
I have seen for those models.


In a message about 7 months ago, I did a bit of performance analysis
for the 2811:

http://groups.google.ca/group/comp.dcom.sys.cisco/msg/fb850395fd9c46b5

The figures came out in good agreement with the marketting of the
2811 as being suitable for dual T1's. The other 2800 series are also
phrased in terms of small numbers of T1's.

The 3020 is rated to 50 Mbps encryption. 750 IPSec sessions
(200 peers). The marketing positions it as suitable for up to a T3.

The 3030 has the same speed rating but support for more sessions.
The 3020 is not upgradable to higher models; the 3030 is.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html


As "50 Mbps" (3020) is not a very different number from "46 Mbps" (2801),
it is difficult to tell where the truth lays. I have not seen
pps figures for the 30x0 series. 


What are your throughput and # of session requirements?
-- 
   'The short version of what Walter said is "You have asked a question
   which has no useful answer, please reconsider the nature of the
   problem you wish to solve".'              -- Tony Mantler
0
roberson
5/10/2005 5:12:21 PM
The 2800 may work, but the 3000 series in general has a longer track record 
and has had more time to mature the administrative interface.  If you are 
willing to tinker to save money, get the 2800.  If you want it to hit the 
ground running, get the 3020.  The 3020 is purpose built to the task, and 
the 2800 does a lot of other things.

The 3020 is a descendent of the Altiga acquistion, and the 2800 is an IOS 
based box.  IOS VPN capabilities have come a long way, especially with the 
accelerator, and the web interface makes if friendlier than ever.  Bottom 
line, though, is the 3000 has more field miles on it.   I personally prefer 
the IOS boxes, but if the only task is VPN concentration, the 3020 is 
probably a better choice. 


0
Phillip
5/11/2005 7:42:12 AM
Walter Roberson wrote:
> In article <1115734110.285875.224790@o13g2000cwo.googlegroups.com>,
>  <balroq@gmail.com> wrote:
> :I am thinking about buying something that will handle a lot of vpn
> :tunnels and my cisco connection said that instead of bying a 3020
> :Concentrator I should buy a 2800 router with a vpn accelerator card.
>
> Your Cisco connection is a bit off. The 2800 series all have built
> in hardware VPN accelaration, with no VPN accelerator card available.

The 2800 series supports this VPN module AIM-VPN/EPII-PLUS
Enhanced-performance DES, 3DES, AES, and compression VPN encryption
AIM.

My cisco 2811 has one.

DT

0
dt1649651
5/12/2005 5:39:33 PM
Reply: