Site to Site VPN

Status
Not open for further replies.

skialta

MIS
Apr 5, 2005
Here's yet another site-to-site VPN question.

I need to connect a remote site via business-class DSL to the company HQ. The company is running a PIX515E but I am open to what to use at the remote site. I'm leaning away from a PIX501 since I'm not very comfortable with the CLI. What about the Symantec Gateway Security 320? Any thoughts on this product or anyone think of a better, reasonably priced alternative? Also, do I have to configure the Corporate PIX to accept a VPN connection from a specific IP or will it allow any as long as the credentials are correct?
 
I used the Symantec VPN devices for a long time. Don't do it. They are much easier to configure than a pix if you’re not familiar but they will give you nothing but headaches. They drop connection very easily and the power cords go bad a lot. I suggest taking the time to learn Cisco. The pix 501 does have a browser but it is kind of bulky and difficult to use. Also setting up a connection between a pix and Symantec can be done and I've done it numerous times but it was never easy. If you do go for it, make sure you are connecting the whole subnet on both sides. Symantec does not like it when the pix only allows access to some resources on the remote network.




 
Thanks for the reply dloz..what about Sonicwall? I'm concerned about using the Pix 501 for this just b/c I don't know the IOS/PDM very well. If I don't need to worry about restricting anything and really only need to concentrate on the VPN connection back to the Corporate Pix 515E, is the 501 a good way to go?
 
I haven't used sonicwall before but have heard people say that they really like them. I don't know about connecting to a cisco device.

 
My advice, get comfortable with the CLI on the cisco. You should also get comfortable with the PDM, I use both. I love the ease of the vpn wizard and there's plenty of support sites out there.

I only use the pix for vpn's, both site to site and incoming client. Wouldn't use anything else to be honest. The downside being the cost of licensing, once you get past 10 they can get expensive. For internet protection they are overrated. I generally split the gateway with 2 IP's and use a linux proxy for internet surfing. This saves money on cisco licensing.

That said, I've bought a few sonicwalls and they are solid units. Pretty much the same cost as cisco. I just don't buy them anymore just for the hoops you have to go thru just to register and license the darn things. I just don't want to have to call tech support every time I buy a new unit.

Cisco is ready to go out of the box.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Let me interject one more thought. Smart Net is a great way to overcome gaps in your knowledge, and is reasonably priced for the value you get from Cisco. Free Plug for Cisco I guess!!
 
I have yet to upgrade mine to 7.X software but I have been told that configuring them is getting much easier. A year ago when I started messing with my firewall I only had experience on cisco routers. Bought a book, looked at a lot of examples on cisco's site. Find an example similar to what you are doing and you will be fine.

Jeremy Giacobbe
MCSE, CCNA
 
That's exactly what I did based on everyone's feedback. I bought a 501 with SmartNet. The only issue so far is that the promised 1.5MB DSL line didn't work out due to our distance from the CO. So I'm now looking at either business cable or a Tier 1 DIA circuit...Thanks everyone!
 
Go with the Cisco! We bought another company that had a PIX501 and we ended up buying a PIX506 for our facility here. I had never worked with Cisco PIX's before, and I don't find it that hard to work with. Took me a few days to configure our access-lists (we have many), but the support from Cisco (if you get the smartnet) is unbelievable. They are top-notch. And I've had no problems with VPN from site to site.

Systems Administrator
 