On Mon, Jun 09, 2003 at 04:03:18PM -0400, Leo Bicknell wrote:

I'm looking for a high speed (300-1000Mbps) IPSec solution. I need basic functionality only, a frame in one side pops out the other side. For the moment I don't care if this is a layer 2 or a layer 3 device. For the application in mind it's just between two points.

I need a supported product, not some home-grown set of bits, and cost is the major factor. Most units at this speed do a lot of other stuff (firewall features, vpn clients, ids, other junk), and cost a lot of money as a result. Since there are FreeBSD/Linux boxes getting close to that throughput with accelerator cards I figure someone has to make the stripped down solution for a reasonable price.

Any pointers welcomed.

http://www.juniper.net/products/ip_infrastructure/modules/100048.html#02 The PIC isn't exactly cheap, but it's pretty well supported, and the rest of the routers aren't too bad on the used market. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

Here's a summary of answers I received, thanks to all: * Netscreen www.netscreen.com Wide variety of products from low end 10Mbps boxes to high end 1000Mbps boxes. Generally also firewalls, have VPN client support, and other features. From a site-to-site VPN perspective the low end is priced reasonably, where as the high end gets a bit expensive due to kitchen sink functionality. * Cisco PIX www.cisco.com Good variety of products from 50Mbps to 1000Mbps. Also firewalls and in some cases IDS like boxes. A bit high in price across the board for site-to-site VPN's, mainly due to kitchen sink functionality. * CipherOptics www.cipheroptics.com Dedicated full duplex gige IPSec box, with very minimal firewall filters. Very good price for a site-to-site VPN and no other junk to get in the way. A good contender for high speed IPSec. * Cisco Accelerator Cards www.cisco.com There are two varieties, the VAM for a 7200, and the VPNSM for a Cat6509. Pricing is good for a site-to-site VPN if you already have the chassis for other reasons and have free slots. If you have to include the chassis and interfaces in the cost they are both a pretty expensive solution. * Juniper Accelerator Cards www.juniper.com There are IPSec cards for all of the M-series boxes. Pricing is a similar situation to Cisco. Not too bad for site-to-site if you have the chassis, but if you're adding in the cost of a chassis and interface cards as well you're back to a pretty expensive solution. * ET/R4000 http://www.etinc.com/r4000.htm FreeBSD box with an accelerator card. Comes in 100Mbps and Gigabit versions, probably can't quite do full gigabit, but could come close. Priced very attractively for site-to-site VPN's, a bit of a concern that while it's sold as a complete box with support, it's a bit less of a "solution" than the other companies offer. * IWill motherboards. These don't meet my qualification, but if you're into roll your own I will has motherboards with IPSec coprocessors onboard supported by some free OS's: http://www.iwill.net/products/ProductDetail.asp?vID=129&CID=110 -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org