Tuesday, August 31, 2021

VPN concentrator

Hi All,

Looking to get people's advice/recommendations on some on-premise devices we can use to terminate site-to-site VPNs with customers and third parties.

Currently we have some ASAs doing the work; however, they are showing their age and we need some extra features that they currently don't offer.

I want to be able to run multi-contexts, like VRFs for example. The idea here is that if a customer wants site-to-site VPNs to replace their MPLS, then we can terminate their VPN and dump them straight into their VRF. However, security will want access controls and next-gen type capabilities on these to filter traffic before it makes it into the customer VRF. We would also need BGP routing capabilities.

We currently have 30 customers, not all using site-to-site VPNs; however, that could be the required scale long term.

I have thought about using Cisco routers to terminate the VPNs, using an FVRF to build their tunnels over and placing the tunnel interface into their forwarding VRF, then using an L2 firewall to bridge the connectivity between the Cisco router and their VRF. The reason for using a router is that, in my experience, they have been great for VPNs and provide all the routing capabilities we need.
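As an added illustration of the FVRF/IVRF split described above (example config, not the poster's own): an IOS-XE style IKEv2 static VTI whose outer packets route in a front-door VRF while the tunnel interface itself sits in the customer VRF and peers BGP there. VRF names, addresses, AS numbers and the pre-shared key are assumed placeholders, and the L2 firewall the poster wants between the router and the customer VRF is not shown.

```cisco
! Added example (not the poster's config): one customer tunnel, IOS-XE syntax.
! Assumed names: INTERNET = front-door VRF, CUST_A = customer VRF;
! addresses, AS numbers and the PSK are placeholders.
vrf definition INTERNET
 address-family ipv4
vrf definition CUST_A
 rd 65000:100
 address-family ipv4
! Internet-facing interface lives in the front-door VRF only.
interface GigabitEthernet0/0
 vrf forwarding INTERNET
 ip address 198.51.100.1 255.255.255.0
! IKEv2 proposal/policy bound to the FVRF so negotiation happens there.
crypto ikev2 proposal PROP-GCM
 encryption aes-gcm-256
 prf sha512
 group 19
crypto ikev2 policy POL-INTERNET
 match fvrf INTERNET
 proposal PROP-GCM
crypto ikev2 keyring KR-CUST-A
 peer CUST-A
  address 203.0.113.10
  pre-shared-key PLACEHOLDER-PSK
crypto ikev2 profile PROF-CUST-A
 match fvrf INTERNET
 match identity remote address 203.0.113.10 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local KR-CUST-A
! AEAD ESP; the IPsec profile ties the IKEv2 profile to the VTI.
crypto ipsec transform-set TS-GCM esp-gcm 256
 mode tunnel
crypto ipsec profile IPSEC-CUST-A
 set transform-set TS-GCM
 set ikev2-profile PROF-CUST-A
! "tunnel vrf" = outer packets in INTERNET; "vrf forwarding" = inner in CUST_A.
interface Tunnel100
 vrf forwarding CUST_A
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel vrf INTERNET
 tunnel protection ipsec profile IPSEC-CUST-A
! BGP with the customer is scoped to their VRF, never the global table.
router bgp 65000
 address-family ipv4 vrf CUST_A
  neighbor 10.255.0.2 remote-as 65100
  neighbor 10.255.0.2 activate
```

Each additional customer repeats the keyring/profile/Tunnel/BGP stanzas with its own VRF, so a peer can only ever inject routes into its own table.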
