PIX 515 to PIX 515 via Internet & IPSec, should I get a VAC?

Discussion in 'Cisco' started by Scott Townsend, Feb 21, 2006.

  1. We currently have a Point to point T1 connecting 2 Offices and are thinking
    about upgrading the remote office to a 3 Meg internet Connection and having
    it connect to the HQ's 6 Meg Internet connection. HQ currently has a PIX
    515 and runs about 5 Home Office Point to Point IPSec VPN connections and a
    half dozen or so IPSec VPN Clients.

    We were thinking of adding a Pix 515 to the remote office and have it Point
    to Point IPSec VPN into HQ. The Remote office has in it 6-12 people at any
    one time, and 1/2 of them use the connection to get to data at HQ and the
    other half is the internet. Should I bother with adding a VPN Accelerator
    Card (VAC) to the HQ PIX, should I add one to Both? at $3000 each, its a
    pretty steep investment.

    Does anybody know at what point you want to use the VAC in terms of users
    and throughput?

    Thanks,
    Scott<-
     
    Scott Townsend, Feb 21, 2006
    #1
    1. Advertising

  2. Scott Townsend

    AM Guest

    Scott Townsend wrote:

    > We currently have a Point to point T1 connecting 2 Offices and are thinking
    > about upgrading the remote office to a 3 Meg internet Connection and having
    > it connect to the HQ's 6 Meg Internet connection. HQ currently has a PIX
    > 515 and runs about 5 Home Office Point to Point IPSec VPN connections and a
    > half dozen or so IPSec VPN Clients.
    >
    > We were thinking of adding a Pix 515 to the remote office and have it Point
    > to Point IPSec VPN into HQ.


    If you are not interested in firewall features (it's a hard thing to say :) ) you can use a router. Starting from an 800
    series or 1800.

    I have 5 offices with 10-15 persons connected to Internet throyugh a cisco 800 series.

    Alex.
     
    AM, Feb 21, 2006
    #2
    1. Advertising

  3. So I could just use my 2620 and install the FW feature set. I've thought of
    that... That is what I do for my house. I have a 1700 there.

    Though adding this office as a secondary presence for some of our internet
    connections seems like a better route for us. Having the PIX there to deal
    with having a DMZ with a DNS Server, and then adding a second Mail Server to
    our Exchange Site and having it as a Backup SMTP Server if there is an Issue
    with the First.

    Thanks,
    Scott<-
    "AM" <> wrote in message
    news:8SJKf.2194$...
    > Scott Townsend wrote:
    >
    >> We currently have a Point to point T1 connecting 2 Offices and are
    >> thinking about upgrading the remote office to a 3 Meg internet Connection
    >> and having it connect to the HQ's 6 Meg Internet connection. HQ
    >> currently has a PIX 515 and runs about 5 Home Office Point to Point IPSec
    >> VPN connections and a half dozen or so IPSec VPN Clients.
    >>
    >> We were thinking of adding a Pix 515 to the remote office and have it
    >> Point to Point IPSec VPN into HQ.

    >
    > If you are not interested in firewall features (it's a hard thing to say
    > :) ) you can use a router. Starting from an 800 series or 1800.
    >
    > I have 5 offices with 10-15 persons connected to Internet throyugh a cisco
    > 800 series.
    >
    > Alex.
     
    Scott Townsend, Feb 21, 2006
    #3
  4. do you use DES or 3DES between your sites?

    DES would be less processor intensive...

    thanks,
    Scott<-
    "AM" <> wrote in message
    news:8SJKf.2194$...
    > Scott Townsend wrote:
    >
    >> We currently have a Point to point T1 connecting 2 Offices and are
    >> thinking about upgrading the remote office to a 3 Meg internet Connection
    >> and having it connect to the HQ's 6 Meg Internet connection. HQ
    >> currently has a PIX 515 and runs about 5 Home Office Point to Point IPSec
    >> VPN connections and a half dozen or so IPSec VPN Clients.
    >>
    >> We were thinking of adding a Pix 515 to the remote office and have it
    >> Point to Point IPSec VPN into HQ.

    >
    > If you are not interested in firewall features (it's a hard thing to say
    > :) ) you can use a router. Starting from an 800 series or 1800.
    >
    > I have 5 offices with 10-15 persons connected to Internet throyugh a cisco
    > 800 series.
    >
    > Alex.
     
    Scott Townsend, Feb 21, 2006
    #4
  5. Scott Townsend wrote:
    > We currently have a Point to point T1 connecting 2 Offices and are thinking
    > about upgrading the remote office to a 3 Meg internet Connection and having
    > it connect to the HQ's 6 Meg Internet connection. HQ currently has a PIX
    > 515 and runs about 5 Home Office Point to Point IPSec VPN connections and a
    > half dozen or so IPSec VPN Clients.
    >
    > We were thinking of adding a Pix 515 to the remote office and have it Point
    > to Point IPSec VPN into HQ. The Remote office has in it 6-12 people at any
    > one time, and 1/2 of them use the connection to get to data at HQ and the
    > other half is the internet. Should I bother with adding a VPN Accelerator
    > Card (VAC) to the HQ PIX, should I add one to Both? at $3000 each, its a
    > pretty steep investment.
    >


    Scott

    at this point of the game you don't need VAC. At max you can have only
    6 Mbit/s of 3DES encrypted traffic, and for PIX515 it will be "walk in
    the park". Try to avoid using routers without encryption card for VPN,
    they suck. ;-)

    > Does anybody know at what point you want to use the VAC in terms of users
    > and throughput?


    cisco claims - pix515 can do 45Mbit/s (full T3) 3DES without VAC. So
    it's up to you to deside. My point of view - if the company can afford
    to pay every month for a 45Mbit/s of the Internet - they can spend some
    money ONCE to buy a VAC (or better yet 3030 concentrator)

    regards
    Roman Nakhmanson
     
    Roman Nakhmanson, Feb 22, 2006
    #5
  6. sorry
    didn't do my homework
    please disregard my notes about 45 M/s for 3DES - lie lie lie
    anyway, we have pix 501 for branches - they do 1.5M/s 3des with no
    issues
    and 515 for a HQ with some (8M/s) 3DES traffic. So far, so good

    Roman Nakhmanson
     
    Roman Nakhmanson, Feb 22, 2006
    #6
  7. Thank you for your feedback! I appreciate it!

    "Roman Nakhmanson" <> wrote in message
    news:...
    > sorry
    > didn't do my homework
    > please disregard my notes about 45 M/s for 3DES - lie lie lie
    > anyway, we have pix 501 for branches - they do 1.5M/s 3des with no
    > issues
    > and 515 for a HQ with some (8M/s) 3DES traffic. So far, so good
    >
    > Roman Nakhmanson
    >
     
    Scott Townsend, Feb 22, 2006
    #7
  8. In article <>,
    Roman Nakhmanson <> wrote:
    >sorry
    >didn't do my homework
    >please disregard my notes about 45 M/s for 3DES - lie lie lie
    >anyway, we have pix 501 for branches - they do 1.5M/s 3des with no
    >issues
    >and 515 for a HQ with some (8M/s) 3DES traffic. So far, so good


    The Cisco rating for the 515 (non-E) is 10 megabits/s 3DES.

    I haven't seen more than 1 megabit/s 3DES for a PIX 501 outside of
    the lab bench -- even on a high-bandwidth line, latencies do serious
    damage to throughput.
     
    Walter Roberson, Feb 22, 2006
    #8
  9. that is true, hopefully we have a lot of ftp traffic.
    But some of branches happen to have VoIP phones working thru VPN. the
    sad part - I can not install v7 on 501 pix (v7 has LLQ) 8-(

    Roman
     
    Roman Nakhmanson, Feb 22, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Simon Watson
    Replies:
    0
    Views:
    475
    Simon Watson
    Apr 14, 2005
  2. J
    Replies:
    3
    Views:
    1,049
    Lutz Donnerhacke
    Feb 13, 2006
  3. Black Nikon

    sensorcleaning with use of Green Clean Mini Vac system?

    Black Nikon, Jun 13, 2005, in forum: Digital Photography
    Replies:
    5
    Views:
    382
    Kevin McMurtrie
    Jun 15, 2005
  4. SMS
    Replies:
    27
    Views:
    1,133
  5. Who makes best Li-on hand vac?

    , Feb 6, 2010, in forum: Computer Support
    Replies:
    3
    Views:
    615
    chuckcar
    Feb 7, 2010
Loading...

Share This Page