Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > What PIX for remote users

Reply
Thread Tools

What PIX for remote users

 
 
GMK
Guest
Posts: n/a
 
      10-23-2003
Hi everyone,

building a network at the moment that needs to connect HQ BRI with 3 remote
BRIs. I was thinking of 2621s all around for routing. What would be the
preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes will
simply be dialling the HQ and the HQ would dial them back...

Rgds,

KG


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      10-23-2003
In article <ELMlb.4$(E-Mail Removed)-net.net>,
GMK <(E-Mail Removed)> wrote:
:building a network at the moment that needs to connect HQ BRI with 3 remote
:BRIs. I was thinking of 2621s all around for routing. What would be the
reffered FW for these 4 routers? Would a PIX 501 suffice? The remotes will
:simply be dialling the HQ and the HQ would dial them back...

A PIX 501 should not have any problem handling 128 Kbit/s
or even 3*128 Kbit/s.

However, the PIX 501 is sold with a "per user" license
(10, 50, unlimited), which isn't really per user but per-inside-host.
If you are going to have more than 10 hosts active near-simultaneously
(within about 3 minutes) then the entry 10-user 501 would not
be sufficient.

Considering that 128 Kbit/s is not very fast, I suspect each
of your remote sites likely is not going to have more than 50
simultaneous users... but more than 10 simultaneous is not out
of the question on a line like that, especially if the machines
have automated POP3 checking or something similar that is frequent
but usually of low volume. Your HQ could plausibly need to be
able to communicate with more than 50 total remote hosts within
a short period (e.g., scanning to see if they have the latest
patch installed.)

The current street pricing on a PIX 501 with 50 user license is
about 2/3 of the current street pricing of a PIX 506E. The
506E is a noticably faster device, and has no per-user/per-host
licensing.

My recommendation is that in any location in which more than
10 hosts might be contacted within a short time, that it is
better to go with a 506E than with a 501 with 50-user license.
The $US200 price difference gets quickly eaten up in additional
support costs when the license breaks things.


We have a 501 with 50 user license, dating back to the time
when the 506E was nearly twice the price it is now. I hit the
licensing limit on it every time I 'nmap' the remote LAN
trying to figure out what devices are installed on it these days.
The remote LAN is only about 3 IP addresses wide as far as the
outside world is concerned, but I'm accessing it over a VPN
so I get the full internal /24 -- and the process of building a
translation to ARP for a remote machine counts as using a license slot
per remote address. Only about 20 of the IPs are populated, but my
VPN probes to figure out -which- 20 get messed up by the 50 license limit.
--
"WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)
 
Reply With Quote
 
 
 
 
Erik Tamminga
Guest
Posts: n/a
 
      10-24-2003
Hi,

The 2621's would be a little overkill to support a single bri interface. Are
you sure you want the firewall if you're in a completely private network?
You could go for one of the Cisco 17xx bundles with integrated firewall
ios'es, they're cheaper than "2621 with pix506"-bundles.

Erik


"GMK" <(E-Mail Removed)> wrote in message
news:ELMlb.4$(E-Mail Removed)-net.net...
> Hi everyone,
>
> building a network at the moment that needs to connect HQ BRI with 3

remote
> BRIs. I was thinking of 2621s all around for routing. What would be the
> preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes

will
> simply be dialling the HQ and the HQ would dial them back...
>
> Rgds,
>
> KG
>
>



 
Reply With Quote
 
GMK
Guest
Posts: n/a
 
      10-24-2003
On a couple of the 2621 I will require the 4 port BRI net module... hence
the 2600 series.

KG


"Erik Tamminga" <(E-Mail Removed)> wrote in message
news:3f99232f$0$2737$(E-Mail Removed)...
> Hi,
>
> The 2621's would be a little overkill to support a single bri interface.

Are
> you sure you want the firewall if you're in a completely private network?
> You could go for one of the Cisco 17xx bundles with integrated firewall
> ios'es, they're cheaper than "2621 with pix506"-bundles.
>
> Erik
>
>
> "GMK" <(E-Mail Removed)> wrote in message
> news:ELMlb.4$(E-Mail Removed)-net.net...
> > Hi everyone,
> >
> > building a network at the moment that needs to connect HQ BRI with 3

> remote
> > BRIs. I was thinking of 2621s all around for routing. What would be the
> > preffered FW for these 4 routers? Would a PIX 501 suffice? The remotes

> will
> > simply be dialling the HQ and the HQ would dial them back...
> >
> > Rgds,
> >
> > KG
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mixed Pix-to-Pix and Remote Access Fuzzy Britches Cisco 3 08-17-2005 06:15 AM
PIX-to-PIX vpn + remote Access VPN not working Marko Uusitalo Cisco 1 04-11-2005 12:45 PM
Remote Assistance fails to connect, remote remote host name could not be resolved Peter Sale Wireless Networking 1 12-11-2004 09:09 PM
local user authentication for remote vpn client users on pix Bill F Cisco 7 11-02-2004 09:28 PM
vpnclient access to remote pix via pix-pix tunnel Bill F Cisco 1 11-25-2003 06:03 AM



Advertisments