Cisco 1721 as effective as a Pix501?

[TimV]

The Pix501 works great with 1 subnet getting out to 1 dsl line, 1 IP address.

I now need to use 2 subnets on separate switches. Both subnets have pc's that will need to get out to the internet
and I am told that the 1721 can handle 2 separate subnets.

Can the 1721 act as a firewall as well? Should I keep the Pix501 between the internet and the 1721?

Thanks,

Tim

 

[criticalUpdate]

Your on track to the best setup.

The pix will not run as a router which is what you need with multiple inside subnets to route.

Leave the pix where it is and use the 1721 as a router and default gateway for your host pc's.

Jeff

 

[TimV]

Hi Jeff,

Thanks for the help. I'm more familiar with the pix than the 1721. The guy helping me here would like to remove the pix altogether, since the 1721 can run firewall software.

Do I need both??

Thanks,

Tim

 

[criticalUpdate]

The pix was designed as a firewall first

The 1721 was designed as router
and then retro-fitted with the firewall feature set.

I have called cisco on the 50,000 foot comparision to this before and their response was that the firewall feature set was intended to stop 50 different types of attacks while the pix was intended to stop 500 types of attacks. I'm sure this was an exageration.. But another thing to keep in mind is..

Downside to the 501 is that it's connection limited you are locked into a certain number of users this goes till the 506. But if the number of connections is not an issue I still like the internet <-> PIX <-> router combination.








Jeff