newbie - PIX 501 sufficient

Discussion in 'Cisco' started by Kevin Laro, May 23, 2004.

  1. Kevin Laro

    Kevin Laro Guest

    Hi,
    I am quite new in the VPN world and would appreciate if I can get a
    confirmation on the following before I invest in hardware:

    I read the posts in here and still are not sure whether the purchase
    of PIX 501 is sufficient for my purpose:

    Current situation:

    two internal networks at different locations, each:

    - about 20 win XP and win2000 clients
    - win2k server (dns, dhcp, dc): IP 192.168.0.x
    - network switch, which is directly connected to ADSL modem (with
    router function) (dynamic IP adress from our IP-Provider, static IP
    for inside traffic as gateway)

    I want the following:
    - from inside continue accessing the internet as ussual

    - access our servers from one network as well as from outside (hotels)
    from mobile computers with changing ip addresses. Mainly to get
    acces to a share folder and to administer the servers (VCN client).


    If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
    connect it with the ADSL modem, does that work? especially with the
    outside access (dyn IP)? I am a bit confused how PIX 501 is coming
    along with dynamic ip adresses, how do I know from outside, which IP
    address is the current one? Also when my laptop ip changes I would
    have to adjust the access list, which i cant if I am outside?

    Thanks for any help,

    Kevin

    ____________________-
     
    Kevin Laro, May 23, 2004
    #1
    1. Advertising

  2. please note that the PIX501 default comes with a 10 user license limit.
    otherwise get a 506 or a 50 userlicense or unlimited

    The 501 comes with 4 port auto-mdi-x 10/100 switch embedded.
    you can connect to ADSL with DHCP-client on outside.
    you can disable DHCP-server inside
    you can have 10 VPN peers on the 501 - 200-something on the 506 (this is
    CPU+MEM determened)
    you can use the Cisco VPN client software for RAS VPN for roadwarriors etc
    But if you run dyn-IP outside you may consider configuring the Client sw
    with a DNS hostname and have a public DNS record the PIX501 outside WAN IP
    and update when its changed.
    Or get a fixed dyn-IP or fixed static IP.


    HTH
    Martin



    "Kevin Laro" <> wrote in message
    news:...
    > Hi,
    > I am quite new in the VPN world and would appreciate if I can get a
    > confirmation on the following before I invest in hardware:
    >
    > I read the posts in here and still are not sure whether the purchase
    > of PIX 501 is sufficient for my purpose:
    >
    > Current situation:
    >
    > two internal networks at different locations, each:
    >
    > - about 20 win XP and win2000 clients
    > - win2k server (dns, dhcp, dc): IP 192.168.0.x
    > - network switch, which is directly connected to ADSL modem (with
    > router function) (dynamic IP adress from our IP-Provider, static IP
    > for inside traffic as gateway)
    >
    > I want the following:
    > - from inside continue accessing the internet as ussual
    >
    > - access our servers from one network as well as from outside (hotels)
    > from mobile computers with changing ip addresses. Mainly to get
    > acces to a share folder and to administer the servers (VCN client).
    >
    >
    > If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
    > connect it with the ADSL modem, does that work? especially with the
    > outside access (dyn IP)? I am a bit confused how PIX 501 is coming
    > along with dynamic ip adresses, how do I know from outside, which IP
    > address is the current one? Also when my laptop ip changes I would
    > have to adjust the access list, which i cant if I am outside?
    >
    > Thanks for any help,
    >
    > Kevin
    >
    > ____________________-
    >
    >
    >
     
    Martin Bilgrav, May 23, 2004
    #2
    1. Advertising

  3. Kevin Laro

    Kevin Laro Guest

    Thanks Martin.

    seems the 50 user license is the way to go then.

    With public dns record you mean a service like dynip.org?

    Kevin


    On Sun, 23 May 2004 13:15:10 +0200, "Martin Bilgrav"
    <> wrote:

    >please note that the PIX501 default comes with a 10 user license limit.
    >otherwise get a 506 or a 50 userlicense or unlimited
    >
    >The 501 comes with 4 port auto-mdi-x 10/100 switch embedded.
    >you can connect to ADSL with DHCP-client on outside.
    >you can disable DHCP-server inside
    >you can have 10 VPN peers on the 501 - 200-something on the 506 (this is
    >CPU+MEM determened)
    >you can use the Cisco VPN client software for RAS VPN for roadwarriors etc
    >But if you run dyn-IP outside you may consider configuring the Client sw
    >with a DNS hostname and have a public DNS record the PIX501 outside WAN IP
    >and update when its changed.
    >Or get a fixed dyn-IP or fixed static IP.
    >
    >
    >HTH
    >Martin
    >
    >
    >
    >"Kevin Laro" <> wrote in message
    >news:...
    >> Hi,
    >> I am quite new in the VPN world and would appreciate if I can get a
    >> confirmation on the following before I invest in hardware:
    >>
    >> I read the posts in here and still are not sure whether the purchase
    >> of PIX 501 is sufficient for my purpose:
    >>
    >> Current situation:
    >>
    >> two internal networks at different locations, each:
    >>
    >> - about 20 win XP and win2000 clients
    >> - win2k server (dns, dhcp, dc): IP 192.168.0.x
    >> - network switch, which is directly connected to ADSL modem (with
    >> router function) (dynamic IP adress from our IP-Provider, static IP
    >> for inside traffic as gateway)
    >>
    >> I want the following:
    >> - from inside continue accessing the internet as ussual
    >>
    >> - access our servers from one network as well as from outside (hotels)
    >> from mobile computers with changing ip addresses. Mainly to get
    >> acces to a share folder and to administer the servers (VCN client).
    >>
    >>
    >> If I put behind the netswitch a PIX 501 (deaktivating dhcp) and
    >> connect it with the ADSL modem, does that work? especially with the
    >> outside access (dyn IP)? I am a bit confused how PIX 501 is coming
    >> along with dynamic ip adresses, how do I know from outside, which IP
    >> address is the current one? Also when my laptop ip changes I would
    >> have to adjust the access list, which i cant if I am outside?
    >>
    >> Thanks for any help,
    >>
    >> Kevin
    >>
    >> ____________________-
    >>
    >>
    >>

    >
     
    Kevin Laro, May 23, 2004
    #3
  4. "Kevin Laro" <> wrote in message
    news:...
    > Thanks Martin.
    >
    > seems the 50 user license is the way to go then.


    Well, for performance and securing the investment for the future, I strongly
    sugguest that you get the 506
    The cost differrence are not that large.
    >
    > With public dns record you mean a service like dynip.org?
    >

    I will leave the choise up to you, what service to implement.
    I recommend fixed static IP, as dyn-IP offen leeds to a larger management
    effort over time.
    Regarding DNS, the functionallity you need is the most important. i.e. have
    your IP macth the name in the VPN clients config file (PCF-file)
    keep in mind that you offen get what you pay for.

    HTH
    Martin Bilgrav

    > Kevin
     
    Martin Bilgrav, May 23, 2004
    #4
  5. Kevin Laro

    admin too Guest

    The 501 is soooooo sloooow.

    We deployed it (a 501) for a small group (under 10 users) and it seemed a
    little slow. When we needed more users I tried a 506 I had and it was
    noticably faster.
     
    admin too, May 24, 2004
    #5
  6. Kevin Laro

    Hansang Bae Guest

    In article <>,
    says...
    > The 501 is soooooo sloooow.
    >
    > We deployed it (a 501) for a small group (under 10 users) and it seemed a
    > little slow. When we needed more users I tried a 506 I had and it was
    > noticably faster.


    You sure it wasn't a duplex mismatch? Or are you doing IPSec?

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, May 25, 2004
    #6
  7. Kevin Laro

    admin too Guest

    "Hansang Bae" <> wrote in message
    news:MPG.1b1c6ed75fae3c79989cb2@24.168.128.86...
    > In article <>,
    > says...
    > > The 501 is soooooo sloooow.
    > >
    > > We deployed it (a 501) for a small group (under 10 users) and it seemed

    a
    > > little slow. When we needed more users I tried a 506 I had and it was
    > > noticably faster.

    >
    > You sure it wasn't a duplex mismatch? Or are you doing IPSec?
    >


    Yes, and Yes.
     
    admin too, May 25, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg Gibson

    PIX 501 newbie aaa servers for pix

    Greg Gibson, May 6, 2004, in forum: Cisco
    Replies:
    3
    Views:
    583
    Adrian Grigorof
    May 9, 2004
  2. Andre
    Replies:
    7
    Views:
    789
    Andre
    Feb 20, 2005
  3. Sseaott

    Is AVG Anti-Virus sufficient?

    Sseaott, Jun 30, 2004, in forum: Computer Support
    Replies:
    20
    Views:
    2,146
    Mellowed
    Jul 1, 2004
  4. Paul D. Sullivan

    Is a 1/1.8" (7.18 x 5.32 mm) sensor sufficient for 10mp and 12mp?

    Paul D. Sullivan, Feb 11, 2007, in forum: Digital Photography
    Replies:
    67
    Views:
    1,534
  5. Sufficient power?

    , Aug 7, 2006, in forum: Computer Support
    Replies:
    10
    Views:
    670
    Mike Easter
    Aug 7, 2006
Loading...

Share This Page