The MPLS-OPS Archive

Re: Which FW for MPLS VPN?
sthaug@nethelp.no wrote:

>>As Cisco doesn't seem to have a suitable firewall IOS for their PIX any
>>time soon, and the Lucent Brick we picked up doesn't seem to be anywhere
>>close to usable, what Firewall are you folks using to connect multiple
>>MPLS VPNs to the Internet?
>
> Any firewall that can handle "virtual" firewalls within the box *and*
> overlapping address spaces for these virtual firewalls (one virtual
> firewall per VPN), with the VPNs typically brought in to the firewall
> box via a VLAN trunk.

well, that's what I already know ;)

I'm currently running a Pix as the VPNs I'm terminating do not have overlapping IP ranges. I have the inside interface with multiple VLANs, doing NAT to the outside and limited inbound NAT (mainly to check for availability). Problem with Pix also is the limited number of interfaces available (every VLAN counts as one interface, and limit on a 520 is 12 interfaces). So at the moment, PIX is a dead-end road ...

> I believe Juniper Netscreen offers this functionality. I'm sure there
> are others.

and that "others" is what I would like to know who and if it is implemented decently ... we bought a Brick 80 some time ago, as it handles overlapping IPs and large number of VLANs fine, but configuration of it is - hm - challenging and not very straight-forward ... also the requirement of having either a Winblows or a Sun set up just to keep the Firewall running and configured is (IMHO) a bad thing ...

Tnx,
-gg

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml