As lame as it may sound to some of you, I find one of the best benefits of many SD-WAN products is the ability to create an automate mesh of IPSec tunnels between sites.
However, most SD-WAN price tags are too high to justify for just that use case, for instance, considering I need 1 Gb of aggregate throughput:
* Cisco 4431 without SD-WAN and security license is about $16000 USD
* Cisco 4431 with SD-WAN is about $21000 USD
* PA-820 is about $5300 USD
You can see the PA-820 (which says it can do 1.3 Gb IPSEC) is sooo much cheaper than either Cisco option, however it only supports LSVPN for auto-IPSEC (hub-spoke only). Even their new SD-WAN solution only supports hub and spoke currently.
What are good options for auto/mesh IPSec, maybe something that has some NAT traversal support?
No comments:
Post a Comment