Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Pix Choices

Reply
Thread Tools

Pix Choices

 
 
Thomas Miller
Guest
Posts: n/a
 
      04-30-2005
Hello all,

I have a question. I am putting together a regional network for a state
agency. Here is a basic breakdown of the network architecture I wish to
achieve:

1 Main Office
6 Satellite Offices

The existing architecture is a private T-1 between the state mainframe and
the regional head office. Currently, the users of this network at the
regional head office (a total of 7 users) use PCs with Terminal Emulation
clients to reach the state mainframe via the T-1. That works fine and
nothing of interest there. However, these users spend much of the week
operating out of remote locations. There are six laptops these users bring
with them to these remote locations. They travel to these remote locations
one at a time, three days a week. They spend one day at the remote location
then move to another location the next day. Only one remote location is in
use on any given day. Currently, the users dial up directly to the state via
regular phone lines to attach to the state mainframe. Due to changing
architectures, the state would like to do away with the dialup and move to
TCP/IP. This means that the remote sites now must communicate with the head
office and THEN be transported to the state mainframe via the link from the
head office to the mainframe. I propose to accomplish this via DSL
connections at the remote locations, transport the data via VPN to the
regional head office, and then send the data on its way to the state
mainframe via the T-1.

My question is this: which device would be best for the regional head office
for the VPN? I have already settled on the Pix 501 for the remote locations.
I originally planned to use another 501 for the head office end of the VPN
tunnel. However, I am looking at the 515e for the head office now. Is this
overkill? With so few users (the bandwidth requirements for the applications
are very small, in truth a 56K dialup would do just fine for the amount of
bandwidth required for the applications) will a 501 at the head office
fulfill the requirements? Or is the 515e required at the head office
location simply because it is the "master" end of the tunnel?

Thanks in advance for your time and advice.


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      04-30-2005
In article <FOCce.2891$(E-Mail Removed)>,
Thomas Miller <(E-Mail Removed)> wrote:
:I am putting together a regional network for a state
:agency. Here is a basic breakdown of the network architecture I wish to
:achieve:

:1 Main Office
:6 Satellite Offices

:They travel to these remote locations
ne at a time, three days a week. They spend one day at the remote location
:then move to another location the next day. Only one remote location is in
:use on any given day.

:This means that the remote sites now must communicate with the head
ffice and THEN be transported to the state mainframe via the link from the
:head office to the mainframe.

:My question is this: which device would be best for the regional head office
:for the VPN? I have already settled on the Pix 501 for the remote locations.
:I originally planned to use another 501 for the head office end of the VPN
:tunnel. However, I am looking at the 515e for the head office now. Is this
verkill?

Yes.

For your needs, I would expect that a PIX 501 or 506E would be sufficient.

I suspect if you look carefully you might find more than 10 IP devices
in the regional office -- 6 PCs, yes, but then there's the printers
and the fax machines, and the local PDC... If not now, then in the
reasonable future.

A 501 can handle the bandwidth you indicated without difficulty.
The base 501 has the "10 user" limit, which is 10 simultaneous
IP addresses. You could either go for the 506E now and avoid all
the user limits, or you could wait and see and upgrade to a
50 user license on the 501 later if it is needed.

On the whole, I would suggest that the 506E would be better.
It is notably faster than the 501, does not have the user limits --
and has more memory, which is going to be important when PIX 7.x is
made available on the 501 and 506E .

:Or is the 515e required at the head office
:location simply because it is the "master" end of the tunnel?

Not at all. We have 501 <-> 501 tunnels, and we have 501 <-> 506E
tunnels.

The 501 and 506/506E have the advantage of being able to use
PPPoE, which is an login authentication method often used with DSL
(though less often with business plans.) They can also do PPTP
dialout.
--
"Who Leads?" / "The men who must... driven men, compelled men."
"Freak men."
"You're all freaks, sir. But you always have been freaks.
Life is a freak. That's its hope and glory." -- Alfred Bester, TSMD
 
Reply With Quote
 
 
 
 
ESM
Guest
Posts: n/a
 
      05-02-2005

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:d50e8p$mgj$(E-Mail Removed)...
> On the whole, I would suggest that the 506E would be better.
> It is notably faster than the 501, does not have the user limits --
> and has more memory, which is going to be important when PIX 7.x is
> made available on the 501 and 506E .


PIX501 can be purchased with a 50 user limit and an unlimited user limit.
However, When you compare the price of a PXI501 unlimited to a PIX506E
(which is unlimited) , it makes more sense to get the 506E because the costs
are so close.

I'd put the 506E as a minimum at the head office. I'd try and get more
details from Cisco on PIX7.x and find out when it will realistically be out
for PIX501 and 506E and what features will be lost. There are some great new
features in PIX7.x for the higher model PIX's, some which you might find you
really want, and could loose by using a 501 or 506E at the head office.


 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      05-02-2005
In article <cbode.46078$(E-Mail Removed)>,
ESM <(E-Mail Removed)> wrote:
IX501 can be purchased with a 50 user limit and an unlimited user limit.

Yes, I specifically mentioned the 50 user license upgrade as a
possibility.

:However, When you compare the price of a PXI501 unlimited to a PIX506E
which is unlimited) , it makes more sense to get the 506E because the costs
:are so close.

I'd put it at a lower breakpoint: that beyond about 25-30 users one
should probably get the 506E. The OP had, though, a low-bandwidth
situation and somewhere close to the 10 user limit. Under the
circumstances, with PIX 6.x, it would make more financial sense to go
for a 501 -- except for the factor that the 506E will surely be much
better positioned to run more of PIX 7.x, so it is noticably more
"future-proof" than the 501.
--
"Mathematics? I speak it like a native." -- Spike Milligan
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Choices, Choices!!!! Leeland Clay MCAD 2 02-13-2006 01:53 PM
Choices, choices, choices. Scott Digital Photography 0 10-04-2004 06:15 PM
Choices, choices stuart.cameron Digital Photography 1 06-28-2004 09:29 AM
[pix] desperatly need help with PIX-to-PIX config Remco Bressers Cisco 1 11-21-2003 08:58 PM
PIX to PIX to PIX meshed VPN Richard Cisco 1 11-15-2003 07:41 AM



Advertisments