Pix Choices

Discussion in 'Cisco' started by Thomas Miller, Apr 30, 2005.

  1. Hello all,

    I have a question. I am putting together a regional network for a state
    agency. Here is a basic breakdown of the network architecture I wish to
    achieve:

    1 Main Office
    6 Satellite Offices

    The existing architecture is a private T-1 between the state mainframe and
    the regional head office. Currently, the users of this network at the
    regional head office (a total of 7 users) use PCs with Terminal Emulation
    clients to reach the state mainframe via the T-1. That works fine and
    nothing of interest there. However, these users spend much of the week
    operating out of remote locations. There are six laptops these users bring
    with them to these remote locations. They travel to these remote locations
    one at a time, three days a week. They spend one day at the remote location
    then move to another location the next day. Only one remote location is in
    use on any given day. Currently, the users dial up directly to the state via
    regular phone lines to attach to the state mainframe. Due to changing
    architectures, the state would like to do away with the dialup and move to
    TCP/IP. This means that the remote sites now must communicate with the head
    office and THEN be transported to the state mainframe via the link from the
    head office to the mainframe. I propose to accomplish this via DSL
    connections at the remote locations, transport the data via VPN to the
    regional head office, and then send the data on its way to the state
    mainframe via the T-1.

    My question is this: which device would be best for the regional head office
    for the VPN? I have already settled on the Pix 501 for the remote locations.
    I originally planned to use another 501 for the head office end of the VPN
    tunnel. However, I am looking at the 515e for the head office now. Is this
    overkill? With so few users (the bandwidth requirements for the applications
    are very small, in truth a 56K dialup would do just fine for the amount of
    bandwidth required for the applications) will a 501 at the head office
    fulfill the requirements? Or is the 515e required at the head office
    location simply because it is the "master" end of the tunnel?

    Thanks in advance for your time and advice.
     
    Thomas Miller, Apr 30, 2005
    #1
    1. Advertising

  2. In article <FOCce.2891$>,
    Thomas Miller <> wrote:
    :I am putting together a regional network for a state
    :agency. Here is a basic breakdown of the network architecture I wish to
    :achieve:

    :1 Main Office
    :6 Satellite Offices

    :They travel to these remote locations
    :eek:ne at a time, three days a week. They spend one day at the remote location
    :then move to another location the next day. Only one remote location is in
    :use on any given day.

    :This means that the remote sites now must communicate with the head
    :eek:ffice and THEN be transported to the state mainframe via the link from the
    :head office to the mainframe.

    :My question is this: which device would be best for the regional head office
    :for the VPN? I have already settled on the Pix 501 for the remote locations.
    :I originally planned to use another 501 for the head office end of the VPN
    :tunnel. However, I am looking at the 515e for the head office now. Is this
    :eek:verkill?

    Yes.

    For your needs, I would expect that a PIX 501 or 506E would be sufficient.

    I suspect if you look carefully you might find more than 10 IP devices
    in the regional office -- 6 PCs, yes, but then there's the printers
    and the fax machines, and the local PDC... If not now, then in the
    reasonable future.

    A 501 can handle the bandwidth you indicated without difficulty.
    The base 501 has the "10 user" limit, which is 10 simultaneous
    IP addresses. You could either go for the 506E now and avoid all
    the user limits, or you could wait and see and upgrade to a
    50 user license on the 501 later if it is needed.

    On the whole, I would suggest that the 506E would be better.
    It is notably faster than the 501, does not have the user limits --
    and has more memory, which is going to be important when PIX 7.x is
    made available on the 501 and 506E .

    :Or is the 515e required at the head office
    :location simply because it is the "master" end of the tunnel?

    Not at all. We have 501 <-> 501 tunnels, and we have 501 <-> 506E
    tunnels.

    The 501 and 506/506E have the advantage of being able to use
    PPPoE, which is an login authentication method often used with DSL
    (though less often with business plans.) They can also do PPTP
    dialout.
    --
    "Who Leads?" / "The men who must... driven men, compelled men."
    "Freak men."
    "You're all freaks, sir. But you always have been freaks.
    Life is a freak. That's its hope and glory." -- Alfred Bester, TSMD
     
    Walter Roberson, Apr 30, 2005
    #2
    1. Advertising

  3. Thomas Miller

    ESM Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:d50e8p$mgj$...
    > On the whole, I would suggest that the 506E would be better.
    > It is notably faster than the 501, does not have the user limits --
    > and has more memory, which is going to be important when PIX 7.x is
    > made available on the 501 and 506E .


    PIX501 can be purchased with a 50 user limit and an unlimited user limit.
    However, When you compare the price of a PXI501 unlimited to a PIX506E
    (which is unlimited) , it makes more sense to get the 506E because the costs
    are so close.

    I'd put the 506E as a minimum at the head office. I'd try and get more
    details from Cisco on PIX7.x and find out when it will realistically be out
    for PIX501 and 506E and what features will be lost. There are some great new
    features in PIX7.x for the higher model PIX's, some which you might find you
    really want, and could loose by using a 501 or 506E at the head office.
     
    ESM, May 2, 2005
    #3
  4. In article <cbode.46078$>,
    ESM <> wrote:
    :pIX501 can be purchased with a 50 user limit and an unlimited user limit.

    Yes, I specifically mentioned the 50 user license upgrade as a
    possibility.

    :However, When you compare the price of a PXI501 unlimited to a PIX506E
    :(which is unlimited) , it makes more sense to get the 506E because the costs
    :are so close.

    I'd put it at a lower breakpoint: that beyond about 25-30 users one
    should probably get the 506E. The OP had, though, a low-bandwidth
    situation and somewhere close to the 10 user limit. Under the
    circumstances, with PIX 6.x, it would make more financial sense to go
    for a 501 -- except for the factor that the 506E will surely be much
    better positioned to run more of PIX 7.x, so it is noticably more
    "future-proof" than the 501.
    --
    "Mathematics? I speak it like a native." -- Spike Milligan
     
    Walter Roberson, May 2, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand

    VL's Editor's Choices of 2005 @ Viperlair

    Silverstrand, Jan 3, 2006, in forum: Front Page News
    Replies:
    0
    Views:
    595
    Silverstrand
    Jan 3, 2006
  2. Choices in MCAD

    , Apr 23, 2005, in forum: Microsoft Certification
    Replies:
    1
    Views:
    594
    Cindy Winegarden
    Apr 23, 2005
  3. stuart.cameron

    Choices, choices

    stuart.cameron, Jun 27, 2004, in forum: Digital Photography
    Replies:
    1
    Views:
    533
    Surfworx Photography
    Jun 28, 2004
  4. Scott

    Choices, choices, choices.

    Scott, Oct 4, 2004, in forum: Digital Photography
    Replies:
    0
    Views:
    513
    Scott
    Oct 4, 2004
  5. Leeland Clay

    Choices, Choices!!!!

    Leeland Clay, Feb 11, 2006, in forum: MCAD
    Replies:
    2
    Views:
    381
    David Hearn
    Feb 13, 2006
Loading...

Share This Page