Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CISCO PIX vs. VPN Concentrator 3015

Status
Not open for further replies.
iwat

iwat

IS-IT--Management
Jun 13, 2001
5
US
Our company currently uses CISCO PIX firewall on both our internal network and website.

We have an outside IS service provider engaged to set up a VPN on our internal network. That provider is recommending that we purchase a CISCO VPN Concentrator 3015 for our VPN solution.

We are a small company ~50 employees and cost conscious. Do we really need to purchase a $10,000 concentrator to implement a reliable VPN?

Cisco literature indidates that we can use our PIX for a VPN.

I need an informed, second opionion on this matter.

If you had a client company of our size with existing PIX firewalls who wants VPN, what would you recommend? If we can use the PIX firewall, what additional h/w s/w purchases would we need to make to get a VPN up and running.

All input appreciated.
 
Sort by date Sort by votes
Cheapest way for a vpn is a linux box or 2000 server. You could upgrade your cisco router with a encryption IOS just beef up the memory. These recommendiations are still much cheaper then a VPN concentrator. You don't need the concentrator for your situation. Just my opionion.
 
Upvote 0 Downvote
If you want to be secure, you don't want to use a "general purpose" operating system like Unix or Win2K. If you have the PIX, use it (see my post in PIX Forum).

It doesn't look like you'd need the concetrator, but if you want to simplify troubleshooting, don't install any Secure IOS version on your router. PIX would be the single point of failure if your VPN goes down, because it is the terminating point for the tunnel. Also, the router RAM and Flash memory from Cisco costs an arm and a leg. I hear Crucial and Kingston make memory for Cisco products that's 80% cheaper, but again, your internet link will be down while yuou upgrade your router. But, if you have 3DES, just configure the PIX, and all you might have to do is restart it a couple of times (kinda reminds if win NT, hmmm.).

David.

P.S. Important Note: If you are going to do a VPN using PIX, make sure your router is running IOS 12.0T or later. Check with Cisco for exact details, and a service contract with access to call for support is another great tool.
 
Upvote 0 Downvote
We set up a mapping/conduit on the PIX from a public ip address on our extranet outside our PIX to a W2K server inside running RRAS and PPTP. Works like a charm. USed it with 150 people inside and 20 + people VPN ing in.


BTW we were running pix 4. something.

Tom

tpsnyder@xantrion.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
435
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
323
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
268
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
230
Joon Smith
Joon Smith
LearningNetworking
  • Locked
  • Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
304
LearningNetworking
LearningNetworking

Part and Inventory Search

Sponsor

Back
Top