|
Home > Archive > Cisco Security exams > June 2003 > Security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| drizzits 2003-05-29, 7:54 pm |
| Hello everyone,
I have just received teh title of network security engineer for our company we have 1000 remote sites 2 pix's and a vpn concentrator. Can anyone give me some advice that is already doing this
Thanks
Drizzits | |
| anchor40 2003-05-30, 12:23 pm |
| Congrats on the title. Now the fun begins.
**CCDP kicking in**
What advice do you need? Is the VPN network set up? Should we assume that the 2 PIX's and VPN concentrator are at the corporate HQ? What devices are at the remote sites? How many people are at the remote sites? What type of connectivity is at the remote sites (DDR, Frame to Internet, DSL, Cable, Wireless)? How are the PIX's and VPN concentrator connected? Is there a separate DMZ just for VPN traffic?
Sorry 'bout that. Sometimes the questions just start coming! 
Seriously, a little more clarification is needed before I can really help.
 | |
| meijin 2003-05-30, 12:27 pm |
| Did you get a raise to go along with that cool new title?  | |
| drizzits 2003-05-30, 1:17 pm |
| Yeha this is what we have going we are switching as many of our 1000 frame-relay sites to dsl cable vpn. terminating on a 7100 router. I would like to have the router on a dmz of the PIX where the VPN concentrator is now. | |
| anchor40 2003-06-02, 10:33 am |
| A "couple" 7100 series routers is what ytou meant, right? Each 7140 can only handle 500 tunnels, so you'd need multiple head-end conectrators for your 1000 sites.
Also, I'd recommend a DDR solution, as well. The
We've got a 100 location pilot running VPN over DSL for the past year, getting ready to convert the remaining 5000 locations.
Many great designs possible, depending on your security policy.
|
|
|
|
|