pfSense suitable replacement for Cisco 3005 Concentrator?
-
Hello,
I am looking to replace an ailing Cisco 3005 Concentrator. I have a Netgate m1n1wall 2D13 (http://store.netgate.com/-P219C83.aspx) running pfSense for testing, would that be a suitable replacement for it? Does pfSense have a granular traffic filtering setup as good or better than the Cisco 3000's interface? Would the Netgate m1n1wall have enough horsepower for 50 IPSEC 3DES tunnels? I'm looking for an embedded hardware device, can anyone recommend what a suitable replacement might be to replace a Cisco 3000 Concentrator?
Thanks,
Todd
-
It would probably be useful to also tell us the data rate you are expecting to see over those tunnels and whether the data is predominantly large packets or small packets.
-
As wallabybob implied, the data rate is more important than the number of tunnels. The ALIX 2D13 on its own can only handle about 18-20Mbit or so of IPsec, and that's with Rijndael (AES 128). With 3DES it's only about 8.
You can filter IPsec however you like, so that shouldn't be a problem.
pfSense 2.0 beta would probably be a better start for that kind of task instead of 1.2.3, primarily due to the improved IPsec GUI and the ability to have multiple phase 2 definitions per IPsec tunnel.
Bonus for the switch: You can use OpenVPN instead of being stuck with only IPsec.