pix 501 vs pix 506e?

Discussion in 'Cisco' started by Mike, Mar 29, 2007.

  1. Mike

    Mike Guest

    I work for a small company of 15 people, three of which are
    remove using vpn to access internal boxes. I currently have
    a 506 that is old and not updated. I am considering buying
    a new pix mostly for the os image upgrade and the vpn clients.

    I will soon have a full T-1 installed. Both the 501 and 506E
    are rated for through put more than can possibly come in through
    the T-1. Should I get a 501 or a 506E, or should I get a smartnet
    (which one) and not worry about upgrading the hardware?

    My current pix is at 6.3(3).

    Mike
     
    Mike, Mar 29, 2007
    #1
    1. Advertising

  2. In article <j5WOh.524$>, Mike <> wrote:
    >I work for a small company of 15 people, three of which are
    >remove using vpn to access internal boxes. I currently have
    >a 506 that is old and not updated. I am considering buying
    >a new pix mostly for the os image upgrade and the vpn clients.


    >I will soon have a full T-1 installed. Both the 501 and 506E
    >are rated for through put more than can possibly come in through
    >the T-1. Should I get a 501 or a 506E, or should I get a smartnet
    >(which one) and not worry about upgrading the hardware?


    >My current pix is at 6.3(3).


    You are entitled to free updates to the latest 6.3(5)114 or so
    (I'd have to look up the current build number; it's at least 112).
    There are known security problems in 6.3(3), 6.3(4), 6.3(5),
    and 6.3(5)112, and cisco makes free updates (within the same minor
    release) available when security problems are found. Search cisco's
    site for pix security 6.3(5) and you should find the link you
    need fairly easily. Find the right URL, recite it to your PIX vendor
    and they'll make the latest 6.3(5) available to you.

    There is no PIX 7.x release available for the PIX 501, 506,
    or 506E, and there never will be, so there is no good in buying
    one of them expecting to get PIX 7. The PIX 501 and 506 and 506E
    are essentially at the end of their software development lifecycle,
    and buying a new one just to get the new software release would not
    be a good investment, especially since the release is free.

    If you are wanting PIX 7, you would need to buy at least a
    515 (used, from an authorized reseller), or a 515E (available new),
    or a 525 or 535: active software development is still ongoing for
    them, but it isn't clear for how much longer.

    The current cisco firewall family that *is* being actively developed
    and will continue to be developed, is the cisco ASA 5500 series.
    They run the same PIX 7.2 OS but with some different features enabled.
    The 7.0 and 7.1 series for the ASA were unable to handle some PPTP
    and PPPoE features; several of those missing features became
    available with 7.2(1); if the ASA has not completely caught up
    then it is only a relatively narrow range of features that might
    still be lacking.

    You'd probably be looking at somewhere around an ASA 5510;
    add the Advanced services license if you want VLANs. The cost
    would probably be fairly similar to that of a PIX 506E.

    But if you do decide to head to the ASA, before deciding on a model,
    read the models comparison chart -carefully-. The 5505 is
    essentially the new PIX 501 equivilent, with very very few of the
    new features that differentiate the ASA from the PIX.
    The 5510 Basic is better, but still quite restricted. Useful
    VLANs you don't get until the 5501 Advanced I seem to recall.
    The 5520 is really the first full-featured ASA model, if you
    buy the additional modules (and associated licenses).

    In summary: if you -were- to buy an ASA because you wanted the new PIX
    7 features, then the 5505 would probably be very much the wrong model
    for you. The 5505 is for the people who could make do with a PIX 501
    really but don't want to buy into a defunct hardware line.
     
    Walter Roberson, Mar 30, 2007
    #2
    1. Advertising

  3. Walter Roberson wrote:

    >But if you do decide to head to the ASA, before deciding on a model,
    >read the models comparison chart -carefully-. The 5505 is
    >essentially the new PIX 501 equivilent, with very very few of the


    Quite correct but even the small 5505 can handle three interfaces (using
    the "plus" license) and is much more flexible that the ancient PIX 501.
    It's good for desktop usage, in cases you can't bear a noisy fan.

    I'll get one soon :) ...

    Regards

    fw
     
    Frank Winkler, Mar 30, 2007
    #3
  4. www.BradReese.Com, Mar 30, 2007
    #4
  5. Mike

    Mike Guest

    In article <>, www.BradReese.Com wrote:
    > Hi Mike,
    >
    > You may wish to investigate Network World Magazine's
    >
    > Adaptive Security Appliance key to Cisco turnaround success in
    > firewall market
    >
    > http://www.networkworld.com/community/?q=node/12346
    >
    > Sincerely,
    >
    > Brad Reese on Cisco
    > Network World Magazine Cisco Subnet
    > http://www.networkworld.com/subnets/cisco/
    >


    Thanks for the comments and help. I purchased a Cisco ASA 5505 and this
    weekend moved it to production. Most of my users are getting in without
    issue, though there is one user that has a private vpn group that is
    not able to get connected. If he uses the public vpn group he can get
    in, but not on his private vpn group.

    The problem must be something configured about the private vpn group
    that is different from the public group. Is there a way to diff the
    two groups to find the differences?

    Mike
     
    Mike, Jul 9, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MyndPhlyp

    PIX 501 vs 506 & 506E

    MyndPhlyp, Feb 11, 2004, in forum: Cisco
    Replies:
    2
    Views:
    4,095
    MyndPhlyp
    Feb 11, 2004
  2. Andre
    Replies:
    7
    Views:
    791
    Andre
    Feb 20, 2005
  3. Brian Bergin

    PIX OS 7 for 501 and/or 506E yet?

    Brian Bergin, Jan 24, 2006, in forum: Cisco
    Replies:
    2
    Views:
    2,267
    Christoph Gartmann
    Jan 24, 2006
  4. Bob Simon

    506E to 501

    Bob Simon, Sep 21, 2006, in forum: Cisco
    Replies:
    4
    Views:
    414
    Walter Roberson
    Sep 21, 2006
  5. Alex
    Replies:
    2
    Views:
    522
    Josef
    Aug 16, 2008
Loading...

Share This Page