Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Pix 501 and Concurrent VPN Connections

Reply
Thread Tools

Pix 501 and Concurrent VPN Connections

 
 
jaylucasaustin.rr.com
Guest
Posts: n/a
 
      01-27-2006
Hello,

I find myself in the position of taking over a small office network that
uses a Pix 501 primarily for the main Internet firewall and VPN. Currently,
this device needs to support 4 external VPN connections at any given time
and up to six internal (office systems). The 501 has a ten user license and
currently has a problem with VPN connections that cannot always connect. I
haven't had a chance to dig into log files yet as I fully haven't taken
over, but was told (by a self proclaimed expert) that the 501 has difficulty
handling more than 2 external VPN connections simultaneously due to it's
slow processing power. So two question--is this "expert" correct and should
I look into a slightly beefier Pix, or is this likely a licensing issue? I
know that the four external devices obviously use a license, but am not
clear on if internal office devices use one as well. The specs on the 501
show that it should easily be able to handle this scenario, that why I need
feedback from real users.

Any help or advice on where to look for further insight would be greatly
appreciated.

Thanks,

-Jay


 
Reply With Quote
 
 
 
 
Peter Simons
Guest
Posts: n/a
 
      01-27-2006
x-no-archive: yes

jaylucasaustin.rr.com wrote:
> Hello,
>
> I find myself in the position of taking over a small office network that
> uses a Pix 501 primarily for the main Internet firewall and VPN. Currently,
> this device needs to support 4 external VPN connections at any given time
> and up to six internal (office systems). The 501 has a ten user license and
> currently has a problem with VPN connections that cannot always connect. I
> haven't had a chance to dig into log files yet as I fully haven't taken
> over, but was told (by a self proclaimed expert) that the 501 has difficulty
> handling more than 2 external VPN connections simultaneously due to it's
> slow processing power. So two question--is this "expert" correct and should
> I look into a slightly beefier Pix, or is this likely a licensing issue? I
> know that the four external devices obviously use a license, but am not
> clear on if internal office devices use one as well. The specs on the 501
> show that it should easily be able to handle this scenario, that why I need
> feedback from real users.
>
> Any help or advice on where to look for further insight would be greatly
> appreciated.
>


Hi

We have a PIX 501 and it currently Handles 7 VPN tunnels and about
twenty users Behind (The 501 is unlimited license).

Overall nor problems.


Though VPN's do hit the processor quite hard and our VPN's seam quite
low through put. IF your VPN traffic no matter how many tunnels is over
1 mg/s I would upgrade to a diffent pix.

The internal devices do use a license.

Peter
 
Reply With Quote
 
 
 
 
jaylucasaustin.rr.com
Guest
Posts: n/a
 
      01-29-2006
Thanks Peter,

Just to clarify, do you know if the 501 handle both hardware and software
VPN connections the same? Some of the connections that I need to support
are hardware and some use the Cisco software client. Also, are you saying
that the aggregate VPN throughput is only 1 megabit per second, or is this
per VPN link?

Thanks,

Jay
"Peter Simons" <(E-Mail Removed)> wrote in message
news:uCwCf.19616$(E-Mail Removed)...
> x-no-archive: yes
>
> jaylucasaustin.rr.com wrote:
>> Hello,
>>
>> I find myself in the position of taking over a small office network that
>> uses a Pix 501 primarily for the main Internet firewall and VPN.
>> Currently, this device needs to support 4 external VPN connections at any
>> given time and up to six internal (office systems). The 501 has a ten
>> user license and currently has a problem with VPN connections that cannot
>> always connect. I haven't had a chance to dig into log files yet as I
>> fully haven't taken over, but was told (by a self proclaimed expert) that
>> the 501 has difficulty handling more than 2 external VPN connections
>> simultaneously due to it's slow processing power. So two question--is
>> this "expert" correct and should I look into a slightly beefier Pix, or
>> is this likely a licensing issue? I know that the four external devices
>> obviously use a license, but am not clear on if internal office devices
>> use one as well. The specs on the 501 show that it should easily be able
>> to handle this scenario, that why I need feedback from real users.
>>
>> Any help or advice on where to look for further insight would be greatly
>> appreciated.
>>

>
> Hi
>
> We have a PIX 501 and it currently Handles 7 VPN tunnels and about twenty
> users Behind (The 501 is unlimited license).
>
> Overall nor problems.
>
>
> Though VPN's do hit the processor quite hard and our VPN's seam quite low
> through put. IF your VPN traffic no matter how many tunnels is over 1
> mg/s I would upgrade to a diffent pix.
>
> The internal devices do use a license.
>
> Peter



 
Reply With Quote
 
Peter Simons
Guest
Posts: n/a
 
      01-29-2006
x-no-archive: yes

jaylucasaustin.rr.com wrote:
> Thanks Peter,
>
> Just to clarify, do you know if the 501 handle both hardware and software
> VPN connections the same? Some of the connections that I need to support
> are hardware and some use the Cisco software client. Also, are you saying
> that the aggregate VPN throughput is only 1 megabit per second, or is this
> per VPN link?
>
> Thanks,
>
> J


The 501 has no Hardware acceleration. It treats PIX to PIX and Cisco
client to PIX connections the same.

With the setup I have I would say it is total through put. But also
remember that processor utilsation will vary from installation as it
depends on how many rules you have and what other functions you use.


if you have a windows environment down load a simple snmp monitor

http://www.paessler.com/prtg/download

and follow the advice some one supplied to me earlier

http://groups.google.co.uk/group/com...36062d039e3203

Peter
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN PIX-_static PIX ; PIX-dynamic_PIX ; VPN Client Svenn Cisco 3 03-13-2006 09:25 AM
PIX 501 VPN client to VPN client connections Nick Cisco 2 12-14-2005 04:33 PM
PIX 501, concurrent connections. gooofoofs Cisco 1 04-14-2005 08:07 AM
PIX 501 <-> PIX 501 - Problem contating private networks on the inside Andre Cisco 7 02-20-2005 07:02 PM
PIX to PIX VPN and VPN Client to PIX Config Example? GVB Cisco 1 02-06-2004 07:44 PM



Advertisments