Thursday, June 11, 2020

IPsec tunnel hardware

I'm looking for a layer 4 endpoint device that can terminate and retransmit an IPsec connection.

My current issue is I'm working with grossly outdated hardware that uses single DES encryption and SHA1 integrity/hashing, but the controller (a Win10 machine) requires AES256 and SHA256. These historically have been unencrypted over a private network, but we're introducing an external controller and NTP to control timing, which breaks everything.

The hardware can do 3DES, but takes about 18 seconds to decrypt, and AES just times out. Initially, I just wanted to pop in a Big-IP 2000 series, but they're no longer for sale, you can't buy support, and their end-of-life is 2025. I reached out to F5, and the direct replacement, the i2200, is $18,000. Ouch.

I lean towards F5 because it's what I know, but it's definitely overkill in this situation. I know I could use a Virtual F5, but that ends up being more work. I imagine there has to be a simpler device to terminate and re-encapsulate the IPsec tunnel. Any suggestions?


