Hi, Thanks for the pointers to the Juniper devices. I think I'm really thinking about layer2 encryption, rather than do the encryption using IPSEC. I feel that as its a p-t-p fibre link, this makes most sense in terms of throughput and least impact on the network. Operating at layer3 the IPSEC solution introduces more complexity than I would like across this link. As I understand it, with layer2 encryption devices VLANs between the sites, would "just work". I'm interested to hear of peoples experiences with layer 2 encryption devices out there, as I don't have that much experience with them.
I think my subject line mentioning IPSEC is a bit confusing as I'm really after information on Layer2 encryption hardware. Adel On Wed 6:45 PM , Brad Fleming bdflem...@kanren.net sent: > > On Nov 11, 2009, at 3:25 AM, adel@ > baklawasecrets.com wrote: > > > > > > Hi, > > > > I have a requirement to encrypt data using IPSEC > over a p-t-p gig > fibre > > link. In the past I've normally used Juniper to > terminate VPNs, as I> have found them excellent devices and the route > based VPN > functionality > > very useful. However looking at their range, > only the ISG will do a > gig > > of IPSEC. I'm leaning towards keeping my > exising Juniper SSG550's for> firewall/routing capability at each site. Then > having a separate> encryption devices to handle the site-to-site > vpn requiring the gig> throughput. Does anyone have any suggestions on > devices to use?> > > > > > > Adel > > > > > > Not knowing all your other needs, I won't swear to it... but would the > Juniper SRX650 work for your situation? It can pass 1.5Gbps of > encrypted traffic according to their datasheet. I've never actually > tried to move that much data through the box so I can't testify to it. > > Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted > traffic. > > Of course, these are JunosES devices as opposed to ScreenOS, but the > transition isn't as painful as you might expect. We actually use the J- > series devices with JunosES as site routers/firewalls with a great > deal of success. > > >
