Gig Throughput on IPSEC
Brad Fleming
bdfleming at kanren.net
Wed Nov 11 18:45:44 UTC 2009
On Nov 11, 2009, at 3:25 AM, adel at baklawasecrets.com wrote:
>
>
> Hi,
>
> I have a requirement to encrypt data using IPSEC over a p-t-p gig
> fibre
> link. In the past I've normally used Juniper to terminate VPNs, as I
> have found them excellent devices and the route based VPN
> functionality
> very useful. However looking at their range, only the ISG will do a
> gig
> of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for
> firewall/routing capability at each site. Then having a separate
> encryption devices to handle the site-to-site vpn requiring the gig
> throughput. Does anyone have any suggestions on devices to use?
>
>
>
> Adel
>
>
Not knowing all your other needs, I won't swear to it... but would the
Juniper SRX650 work for your situation? It can pass 1.5Gbps of
encrypted traffic according to their datasheet. I've never actually
tried to move that much data through the box so I can't testify to it.
Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted
traffic.
Of course, these are JunosES devices as opposed to ScreenOS, but the
transition isn't as painful as you might expect. We actually use the J-
series devices with JunosES as site routers/firewalls with a great
deal of success.
More information about the NANOG
mailing list