Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   What PIX for remote users (http://www.velocityreviews.com/forums/t29701-what-pix-for-remote-users.html)

GMK 10-23-2003 08:58 AM

What PIX for remote users
 
Hi everyone,

building a network at the moment that needs to connect HQ BRI with 3 remote
BRIs. I was thinking of 2621s all around for routing. What would be the
preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes will
simply be dialling the HQ and the HQ would dial them back...

Rgds,

KG



Walter Roberson 10-23-2003 04:58 PM

Re: What PIX for remote users
 
In article <ELMlb.4$Hf7.3@newsr2.u-net.net>,
GMK <george@technogreek.REMOVE.com> wrote:
:building a network at the moment that needs to connect HQ BRI with 3 remote
:BRIs. I was thinking of 2621s all around for routing. What would be the
:preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes will
:simply be dialling the HQ and the HQ would dial them back...

A PIX 501 should not have any problem handling 128 Kbit/s
or even 3*128 Kbit/s.

However, the PIX 501 is sold with a "per user" license
(10, 50, unlimited), which isn't really per user but per-inside-host.
If you are going to have more than 10 hosts active near-simultaneously
(within about 3 minutes) then the entry 10-user 501 would not
be sufficient.

Considering that 128 Kbit/s is not very fast, I suspect each
of your remote sites likely is not going to have more than 50
simultaneous users... but more than 10 simultaneous is not out
of the question on a line like that, especially if the machines
have automated POP3 checking or something similar that is frequent
but usually of low volume. Your HQ could plausibly need to be
able to communicate with more than 50 total remote hosts within
a short period (e.g., scanning to see if they have the latest
patch installed.)

The current street pricing on a PIX 501 with 50 user license is
about 2/3 of the current street pricing of a PIX 506E. The
506E is a noticably faster device, and has no per-user/per-host
licensing.

My recommendation is that in any location in which more than
10 hosts might be contacted within a short time, that it is
better to go with a 506E than with a 501 with 50-user license.
The $US200 price difference gets quickly eaten up in additional
support costs when the license breaks things.


We have a 501 with 50 user license, dating back to the time
when the 506E was nearly twice the price it is now. I hit the
licensing limit on it every time I 'nmap' the remote LAN
trying to figure out what devices are installed on it these days.
The remote LAN is only about 3 IP addresses wide as far as the
outside world is concerned, but I'm accessing it over a VPN
so I get the full internal /24 -- and the process of building a
translation to ARP for a remote machine counts as using a license slot
per remote address. Only about 20 of the IPs are populated, but my
VPN probes to figure out -which- 20 get messed up by the 50 license limit.
--
"WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)

Erik Tamminga 10-24-2003 01:03 PM

Re: What PIX for remote users
 
Hi,

The 2621's would be a little overkill to support a single bri interface. Are
you sure you want the firewall if you're in a completely private network?
You could go for one of the Cisco 17xx bundles with integrated firewall
ios'es, they're cheaper than "2621 with pix506"-bundles.

Erik


"GMK" <george@technogreek.REMOVE.com> wrote in message
news:ELMlb.4$Hf7.3@newsr2.u-net.net...
> Hi everyone,
>
> building a network at the moment that needs to connect HQ BRI with 3

remote
> BRIs. I was thinking of 2621s all around for routing. What would be the
> preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes

will
> simply be dialling the HQ and the HQ would dial them back...
>
> Rgds,
>
> KG
>
>




GMK 10-24-2003 01:29 PM

Re: What PIX for remote users
 
On a couple of the 2621 I will require the 4 port BRI net module... hence
the 2600 series.

KG


"Erik Tamminga" <etamminga@starren.nl> wrote in message
news:3f99232f$0$2737$1b62eedf@news.versatel.net...
> Hi,
>
> The 2621's would be a little overkill to support a single bri interface.

Are
> you sure you want the firewall if you're in a completely private network?
> You could go for one of the Cisco 17xx bundles with integrated firewall
> ios'es, they're cheaper than "2621 with pix506"-bundles.
>
> Erik
>
>
> "GMK" <george@technogreek.REMOVE.com> wrote in message
> news:ELMlb.4$Hf7.3@newsr2.u-net.net...
> > Hi everyone,
> >
> > building a network at the moment that needs to connect HQ BRI with 3

> remote
> > BRIs. I was thinking of 2621s all around for routing. What would be the
> > preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes

> will
> > simply be dialling the HQ and the HQ would dial them back...
> >
> > Rgds,
> >
> > KG
> >
> >

>
>





All times are GMT. The time now is 12:08 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.