Pix 501 and Concurrent VPN Connections

Discussion in 'Cisco' started by jaylucasaustin.rr.com, Jan 27, 2006.

  1. Hello,

    I find myself in the position of taking over a small office network that
    uses a Pix 501 primarily for the main Internet firewall and VPN. Currently,
    this device needs to support 4 external VPN connections at any given time
    and up to six internal (office systems). The 501 has a ten user license and
    currently has a problem with VPN connections that cannot always connect. I
    haven't had a chance to dig into log files yet as I fully haven't taken
    over, but was told (by a self proclaimed expert) that the 501 has difficulty
    handling more than 2 external VPN connections simultaneously due to it's
    slow processing power. So two question--is this "expert" correct and should
    I look into a slightly beefier Pix, or is this likely a licensing issue? I
    know that the four external devices obviously use a license, but am not
    clear on if internal office devices use one as well. The specs on the 501
    show that it should easily be able to handle this scenario, that why I need
    feedback from real users.

    Any help or advice on where to look for further insight would be greatly
    appreciated.

    Thanks,

    -Jay
     
    jaylucasaustin.rr.com, Jan 27, 2006
    #1
    1. Advertising

  2. jaylucasaustin.rr.com

    Peter Simons Guest

    x-no-archive: yes

    jaylucasaustin.rr.com wrote:
    > Hello,
    >
    > I find myself in the position of taking over a small office network that
    > uses a Pix 501 primarily for the main Internet firewall and VPN. Currently,
    > this device needs to support 4 external VPN connections at any given time
    > and up to six internal (office systems). The 501 has a ten user license and
    > currently has a problem with VPN connections that cannot always connect. I
    > haven't had a chance to dig into log files yet as I fully haven't taken
    > over, but was told (by a self proclaimed expert) that the 501 has difficulty
    > handling more than 2 external VPN connections simultaneously due to it's
    > slow processing power. So two question--is this "expert" correct and should
    > I look into a slightly beefier Pix, or is this likely a licensing issue? I
    > know that the four external devices obviously use a license, but am not
    > clear on if internal office devices use one as well. The specs on the 501
    > show that it should easily be able to handle this scenario, that why I need
    > feedback from real users.
    >
    > Any help or advice on where to look for further insight would be greatly
    > appreciated.
    >


    Hi

    We have a PIX 501 and it currently Handles 7 VPN tunnels and about
    twenty users Behind (The 501 is unlimited license).

    Overall nor problems.


    Though VPN's do hit the processor quite hard and our VPN's seam quite
    low through put. IF your VPN traffic no matter how many tunnels is over
    1 mg/s I would upgrade to a diffent pix.

    The internal devices do use a license.

    Peter
     
    Peter Simons, Jan 27, 2006
    #2
    1. Advertising

  3. Thanks Peter,

    Just to clarify, do you know if the 501 handle both hardware and software
    VPN connections the same? Some of the connections that I need to support
    are hardware and some use the Cisco software client. Also, are you saying
    that the aggregate VPN throughput is only 1 megabit per second, or is this
    per VPN link?

    Thanks,

    Jay
    "Peter Simons" <> wrote in message
    news:uCwCf.19616$...
    > x-no-archive: yes
    >
    > jaylucasaustin.rr.com wrote:
    >> Hello,
    >>
    >> I find myself in the position of taking over a small office network that
    >> uses a Pix 501 primarily for the main Internet firewall and VPN.
    >> Currently, this device needs to support 4 external VPN connections at any
    >> given time and up to six internal (office systems). The 501 has a ten
    >> user license and currently has a problem with VPN connections that cannot
    >> always connect. I haven't had a chance to dig into log files yet as I
    >> fully haven't taken over, but was told (by a self proclaimed expert) that
    >> the 501 has difficulty handling more than 2 external VPN connections
    >> simultaneously due to it's slow processing power. So two question--is
    >> this "expert" correct and should I look into a slightly beefier Pix, or
    >> is this likely a licensing issue? I know that the four external devices
    >> obviously use a license, but am not clear on if internal office devices
    >> use one as well. The specs on the 501 show that it should easily be able
    >> to handle this scenario, that why I need feedback from real users.
    >>
    >> Any help or advice on where to look for further insight would be greatly
    >> appreciated.
    >>

    >
    > Hi
    >
    > We have a PIX 501 and it currently Handles 7 VPN tunnels and about twenty
    > users Behind (The 501 is unlimited license).
    >
    > Overall nor problems.
    >
    >
    > Though VPN's do hit the processor quite hard and our VPN's seam quite low
    > through put. IF your VPN traffic no matter how many tunnels is over 1
    > mg/s I would upgrade to a diffent pix.
    >
    > The internal devices do use a license.
    >
    > Peter
     
    jaylucasaustin.rr.com, Jan 29, 2006
    #3
  4. jaylucasaustin.rr.com

    Peter Simons Guest

    x-no-archive: yes

    jaylucasaustin.rr.com wrote:
    > Thanks Peter,
    >
    > Just to clarify, do you know if the 501 handle both hardware and software
    > VPN connections the same? Some of the connections that I need to support
    > are hardware and some use the Cisco software client. Also, are you saying
    > that the aggregate VPN throughput is only 1 megabit per second, or is this
    > per VPN link?
    >
    > Thanks,
    >
    > J


    The 501 has no Hardware acceleration. It treats PIX to PIX and Cisco
    client to PIX connections the same.

    With the setup I have I would say it is total through put. But also
    remember that processor utilsation will vary from installation as it
    depends on how many rules you have and what other functions you use.


    if you have a windows environment down load a simple snmp monitor

    http://www.paessler.com/prtg/download

    and follow the advice some one supplied to me earlier

    http://groups.google.co.uk/group/co...q=PIX 501 snmp setup&rnum=1#7f36062d039e3203

    Peter
     
    Peter Simons, Jan 29, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C  C
    Replies:
    0
    Views:
    650
  2. gooofoofs

    PIX 501, concurrent connections.

    gooofoofs, Apr 14, 2005, in forum: Cisco
    Replies:
    1
    Views:
    915
    Martin Bilgrav
    Apr 14, 2005
  3. Nick
    Replies:
    2
    Views:
    2,430
  4. BlueBrooke

    Error 502: Concurrent Connections Limit in Avast!

    BlueBrooke, Jul 5, 2007, in forum: Computer Security
    Replies:
    4
    Views:
    2,054
    BlueBrooke
    Jul 7, 2007
  5. =?Utf-8?B?WWFzdHJlYg==?=

    Concurrent Web Connections hosted by XP 64-bit?

    =?Utf-8?B?WWFzdHJlYg==?=, Aug 8, 2007, in forum: Windows 64bit
    Replies:
    8
    Views:
    830
    Charlie Russel - MVP
    Aug 9, 2007
Loading...

Share This Page