PIX as a screening router

[kumsa]

My company presently uses a software firewall. There is a plan to use a cisco PIX firewall as a VPN gateway for about 200 mobile users. In addition the company want to use this same VPN device as a screenig router to internet. As I am a novice to PIX I would like to raise the following questions:
1. Is it possible to use PIX firewall as a screening router ?
2. What type of device is appropriate for our case?
3. Can anyone give me info on configuration examples for this issues?

Thanks in advance.

 

[gbiello]

The PIX can work in conjuction with a dedicated WebSense server to provide Internet screening.
Find config info here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/advanced.htm#xtocid22

-gbiello

 

[yizhar]

HI.

The pix can do both VPN and firewalling, but in your case I suggest implementing a dedicated VPN server and another dedicated firewall.
Cisco have some dedicated VPN servers (the 3xxx family of products) for the VPN job which are easier and have more options for management then the pix.
You should note the limit on some 3xxx of 100 user accounts.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[Guest_imported]

The VPN 3005 and 3015 concentrators have a limit of up to 100 users & groups combined if using Internal Authentication. You can create internal groups and use an Authentication server (Radius server) to authenticate users. This will allow you to scale beyond 100 users.