Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > newbie - PIX 501 sufficient

Reply
Thread Tools

newbie - PIX 501 sufficient

 
 
Kevin Laro
Guest
Posts: n/a
 
      05-23-2004
Hi,
I am quite new in the VPN world and would appreciate if I can get a
confirmation on the following before I invest in hardware:

I read the posts in here and still are not sure whether the purchase
of PIX 501 is sufficient for my purpose:

Current situation:

two internal networks at different locations, each:

- about 20 win XP and win2000 clients
- win2k server (dns, dhcp, dc): IP 192.168.0.x
- network switch, which is directly connected to ADSL modem (with
router function) (dynamic IP adress from our IP-Provider, static IP
for inside traffic as gateway)

I want the following:
- from inside continue accessing the internet as ussual

- access our servers from one network as well as from outside (hotels)
from mobile computers with changing ip addresses. Mainly to get
acces to a share folder and to administer the servers (VCN client).


If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
connect it with the ADSL modem, does that work? especially with the
outside access (dyn IP)? I am a bit confused how PIX 501 is coming
along with dynamic ip adresses, how do I know from outside, which IP
address is the current one? Also when my laptop ip changes I would
have to adjust the access list, which i cant if I am outside?

Thanks for any help,

Kevin

____________________-
http://www.velocityreviews.com/forums/(E-Mail Removed)


 
Reply With Quote
 
 
 
 
Martin Bilgrav
Guest
Posts: n/a
 
      05-23-2004
please note that the PIX501 default comes with a 10 user license limit.
otherwise get a 506 or a 50 userlicense or unlimited

The 501 comes with 4 port auto-mdi-x 10/100 switch embedded.
you can connect to ADSL with DHCP-client on outside.
you can disable DHCP-server inside
you can have 10 VPN peers on the 501 - 200-something on the 506 (this is
CPU+MEM determened)
you can use the Cisco VPN client software for RAS VPN for roadwarriors etc
But if you run dyn-IP outside you may consider configuring the Client sw
with a DNS hostname and have a public DNS record the PIX501 outside WAN IP
and update when its changed.
Or get a fixed dyn-IP or fixed static IP.


HTH
Martin



"Kevin Laro" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
> I am quite new in the VPN world and would appreciate if I can get a
> confirmation on the following before I invest in hardware:
>
> I read the posts in here and still are not sure whether the purchase
> of PIX 501 is sufficient for my purpose:
>
> Current situation:
>
> two internal networks at different locations, each:
>
> - about 20 win XP and win2000 clients
> - win2k server (dns, dhcp, dc): IP 192.168.0.x
> - network switch, which is directly connected to ADSL modem (with
> router function) (dynamic IP adress from our IP-Provider, static IP
> for inside traffic as gateway)
>
> I want the following:
> - from inside continue accessing the internet as ussual
>
> - access our servers from one network as well as from outside (hotels)
> from mobile computers with changing ip addresses. Mainly to get
> acces to a share folder and to administer the servers (VCN client).
>
>
> If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
> connect it with the ADSL modem, does that work? especially with the
> outside access (dyn IP)? I am a bit confused how PIX 501 is coming
> along with dynamic ip adresses, how do I know from outside, which IP
> address is the current one? Also when my laptop ip changes I would
> have to adjust the access list, which i cant if I am outside?
>
> Thanks for any help,
>
> Kevin
>
> ____________________-
> (E-Mail Removed)
>
>



 
Reply With Quote
 
 
 
 
Kevin Laro
Guest
Posts: n/a
 
      05-23-2004
Thanks Martin.

seems the 50 user license is the way to go then.

With public dns record you mean a service like dynip.org?

Kevin


On Sun, 23 May 2004 13:15:10 +0200, "Martin Bilgrav"
<(E-Mail Removed)> wrote:

>please note that the PIX501 default comes with a 10 user license limit.
>otherwise get a 506 or a 50 userlicense or unlimited
>
>The 501 comes with 4 port auto-mdi-x 10/100 switch embedded.
>you can connect to ADSL with DHCP-client on outside.
>you can disable DHCP-server inside
>you can have 10 VPN peers on the 501 - 200-something on the 506 (this is
>CPU+MEM determened)
>you can use the Cisco VPN client software for RAS VPN for roadwarriors etc
>But if you run dyn-IP outside you may consider configuring the Client sw
>with a DNS hostname and have a public DNS record the PIX501 outside WAN IP
>and update when its changed.
>Or get a fixed dyn-IP or fixed static IP.
>
>
>HTH
>Martin
>
>
>
>"Kevin Laro" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed).. .
>> Hi,
>> I am quite new in the VPN world and would appreciate if I can get a
>> confirmation on the following before I invest in hardware:
>>
>> I read the posts in here and still are not sure whether the purchase
>> of PIX 501 is sufficient for my purpose:
>>
>> Current situation:
>>
>> two internal networks at different locations, each:
>>
>> - about 20 win XP and win2000 clients
>> - win2k server (dns, dhcp, dc): IP 192.168.0.x
>> - network switch, which is directly connected to ADSL modem (with
>> router function) (dynamic IP adress from our IP-Provider, static IP
>> for inside traffic as gateway)
>>
>> I want the following:
>> - from inside continue accessing the internet as ussual
>>
>> - access our servers from one network as well as from outside (hotels)
>> from mobile computers with changing ip addresses. Mainly to get
>> acces to a share folder and to administer the servers (VCN client).
>>
>>
>> If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
>> connect it with the ADSL modem, does that work? especially with the
>> outside access (dyn IP)? I am a bit confused how PIX 501 is coming
>> along with dynamic ip adresses, how do I know from outside, which IP
>> address is the current one? Also when my laptop ip changes I would
>> have to adjust the access list, which i cant if I am outside?
>>
>> Thanks for any help,
>>
>> Kevin
>>
>> ____________________-
>> (E-Mail Removed)
>>
>>

>


 
Reply With Quote
 
Martin Bilgrav
Guest
Posts: n/a
 
      05-23-2004

"Kevin Laro" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Martin.
>
> seems the 50 user license is the way to go then.


Well, for performance and securing the investment for the future, I strongly
sugguest that you get the 506
The cost differrence are not that large.
>
> With public dns record you mean a service like dynip.org?
>

I will leave the choise up to you, what service to implement.
I recommend fixed static IP, as dyn-IP offen leeds to a larger management
effort over time.
Regarding DNS, the functionallity you need is the most important. i.e. have
your IP macth the name in the VPN clients config file (PCF-file)
keep in mind that you offen get what you pay for.

HTH
Martin Bilgrav

> Kevin



 
Reply With Quote
 
admin too
Guest
Posts: n/a
 
      05-24-2004
The 501 is soooooo sloooow.

We deployed it (a 501) for a small group (under 10 users) and it seemed a
little slow. When we needed more users I tried a 506 I had and it was
noticably faster.


 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      05-25-2004
In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> The 501 is soooooo sloooow.
>
> We deployed it (a 501) for a small group (under 10 users) and it seemed a
> little slow. When we needed more users I tried a 506 I had and it was
> noticably faster.


You sure it wasn't a duplex mismatch? Or are you doing IPSec?

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
admin too
Guest
Posts: n/a
 
      05-25-2004

"Hansang Bae" <(E-Mail Removed)> wrote in message
news:MPG.1b1c6ed75fae3c79989cb2@24.168.128.86...
> In article <(E-Mail Removed)>,
> (E-Mail Removed) says...
> > The 501 is soooooo sloooow.
> >
> > We deployed it (a 501) for a small group (under 10 users) and it seemed

a
> > little slow. When we needed more users I tried a 506 I had and it was
> > noticably faster.

>
> You sure it wasn't a duplex mismatch? Or are you doing IPSec?
>


Yes, and Yes.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco pix 501 vs 501-50 cdoc Cisco 6 05-20-2006 03:53 AM
Is a static method sufficient to call it factory? f.vivoli@gmail.com Java 11 07-29-2005 09:02 AM
PIX 501 <-> PIX 501 - Problem contating private networks on the inside Andre Cisco 7 02-20-2005 07:02 PM
PIX 501 newbie aaa servers for pix Greg Gibson Cisco 3 05-09-2004 06:33 PM
system lacked sufficient buffer space ali Java 0 08-18-2003 07:58 AM



Advertisments