Hi guys,

I'm wondering what is the simplest, and cheapest RouterBOARD option for doing IPSec VPN using BGP. My VPN requirements are:

- IKE using pre-shared keys
- IPSec SAs in tunnel mode
- AES 128 bit encryption function
- SHA-1 hash function
- Diffie-Hellman PFS in group 2 mode
- Do packet fragementation prior to encryption
- BGP support
- Route based VPN (bind tunnels to logical interfaces)
- IPSec dead peer detection

Keen to buy some devices and play around with them if I can get hardware supporting all of the above.

Cheers,
Adrian.

*Bump* - anyone have any suggestions/ideas?

Any RouterBoard will do all of this, is just depends on how much traffic you need passing through the IPSec encryption engine. One thing tho:

- Route based VPN (bind tunnels to logical interfaces)
You will have to use a GRE logical tunnel and use IPSec in transport mode. But then you can do OSPF over the links.