Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > pix 501 vs pix 506e?

Reply
Thread Tools

pix 501 vs pix 506e?

 
 
Mike
Guest
Posts: n/a
 
      03-29-2007
I work for a small company of 15 people, three of which are
remove using vpn to access internal boxes. I currently have
a 506 that is old and not updated. I am considering buying
a new pix mostly for the os image upgrade and the vpn clients.

I will soon have a full T-1 installed. Both the 501 and 506E
are rated for through put more than can possibly come in through
the T-1. Should I get a 501 or a 506E, or should I get a smartnet
(which one) and not worry about upgrading the hardware?

My current pix is at 6.3(3).

Mike
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      03-30-2007
In article <j5WOh.524$(E-Mail Removed)>, Mike <(E-Mail Removed)> wrote:
>I work for a small company of 15 people, three of which are
>remove using vpn to access internal boxes. I currently have
>a 506 that is old and not updated. I am considering buying
>a new pix mostly for the os image upgrade and the vpn clients.


>I will soon have a full T-1 installed. Both the 501 and 506E
>are rated for through put more than can possibly come in through
>the T-1. Should I get a 501 or a 506E, or should I get a smartnet
>(which one) and not worry about upgrading the hardware?


>My current pix is at 6.3(3).


You are entitled to free updates to the latest 6.3(5)114 or so
(I'd have to look up the current build number; it's at least 112).
There are known security problems in 6.3(3), 6.3(4), 6.3(5),
and 6.3(5)112, and cisco makes free updates (within the same minor
release) available when security problems are found. Search cisco's
site for pix security 6.3(5) and you should find the link you
need fairly easily. Find the right URL, recite it to your PIX vendor
and they'll make the latest 6.3(5) available to you.

There is no PIX 7.x release available for the PIX 501, 506,
or 506E, and there never will be, so there is no good in buying
one of them expecting to get PIX 7. The PIX 501 and 506 and 506E
are essentially at the end of their software development lifecycle,
and buying a new one just to get the new software release would not
be a good investment, especially since the release is free.

If you are wanting PIX 7, you would need to buy at least a
515 (used, from an authorized reseller), or a 515E (available new),
or a 525 or 535: active software development is still ongoing for
them, but it isn't clear for how much longer.

The current cisco firewall family that *is* being actively developed
and will continue to be developed, is the cisco ASA 5500 series.
They run the same PIX 7.2 OS but with some different features enabled.
The 7.0 and 7.1 series for the ASA were unable to handle some PPTP
and PPPoE features; several of those missing features became
available with 7.2(1); if the ASA has not completely caught up
then it is only a relatively narrow range of features that might
still be lacking.

You'd probably be looking at somewhere around an ASA 5510;
add the Advanced services license if you want VLANs. The cost
would probably be fairly similar to that of a PIX 506E.

But if you do decide to head to the ASA, before deciding on a model,
read the models comparison chart -carefully-. The 5505 is
essentially the new PIX 501 equivilent, with very very few of the
new features that differentiate the ASA from the PIX.
The 5510 Basic is better, but still quite restricted. Useful
VLANs you don't get until the 5501 Advanced I seem to recall.
The 5520 is really the first full-featured ASA model, if you
buy the additional modules (and associated licenses).

In summary: if you -were- to buy an ASA because you wanted the new PIX
7 features, then the 5505 would probably be very much the wrong model
for you. The 5505 is for the people who could make do with a PIX 501
really but don't want to buy into a defunct hardware line.
 
Reply With Quote
 
 
 
 
Frank Winkler
Guest
Posts: n/a
 
      03-30-2007
Walter Roberson wrote:

>But if you do decide to head to the ASA, before deciding on a model,
>read the models comparison chart -carefully-. The 5505 is
>essentially the new PIX 501 equivilent, with very very few of the


Quite correct but even the small 5505 can handle three interfaces (using
the "plus" license) and is much more flexible that the ancient PIX 501.
It's good for desktop usage, in cases you can't bear a noisy fan.

I'll get one soon ...

Regards

fw
 
Reply With Quote
 
www.BradReese.Com
Guest
Posts: n/a
 
      03-30-2007
Hi Mike,

You may wish to investigate Network World Magazine's

Adaptive Security Appliance key to Cisco turnaround success in
firewall market

http://www.networkworld.com/community/?q=node/12346

Sincerely,

Brad Reese on Cisco
Network World Magazine Cisco Subnet
http://www.networkworld.com/subnets/cisco/

 
Reply With Quote
 
Mike
Guest
Posts: n/a
 
      07-09-2007
In article <(E-Mail Removed). com>, www.BradReese.Com wrote:
> Hi Mike,
>
> You may wish to investigate Network World Magazine's
>
> Adaptive Security Appliance key to Cisco turnaround success in
> firewall market
>
> http://www.networkworld.com/community/?q=node/12346
>
> Sincerely,
>
> Brad Reese on Cisco
> Network World Magazine Cisco Subnet
> http://www.networkworld.com/subnets/cisco/
>


Thanks for the comments and help. I purchased a Cisco ASA 5505 and this
weekend moved it to production. Most of my users are getting in without
issue, though there is one user that has a private vpn group that is
not able to get connected. If he uses the public vpn group he can get
in, but not on his private vpn group.

The problem must be something configured about the private vpn group
that is different from the public group. Is there a way to diff the
two groups to find the differences?

Mike
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco pix 501 vs 501-50 cdoc Cisco 6 05-20-2006 03:53 AM
PIX 501 <-> PIX 501 - Problem contating private networks on the inside Andre Cisco 7 02-20-2005 07:02 PM
PIX 501 newbie aaa servers for pix Greg Gibson Cisco 3 05-09-2004 06:33 PM
pix 515 to pix 501 Cisco 2 02-05-2004 01:55 AM
Cisco VPN through a PIX 501 to another PIX? Andrew J Instone-Cowie Cisco 5 01-22-2004 05:44 PM



Advertisments