What PIX for remote users

Discussion in 'Cisco' started by GMK, Oct 23, 2003.

  1. GMK

    GMK Guest

    Hi everyone,

    building a network at the moment that needs to connect HQ BRI with 3 remote
    BRIs. I was thinking of 2621s all around for routing. What would be the
    preferred FW for these 4 routers? Would a PIX 501 suffice? The remotes will
    simply be dialling the HQ and the HQ would dial them back...

    Rgds,

    KG
    GMK, Oct 23, 2003
    #1

  2. In article <ELMlb.4$-net.net>,
    GMK <> wrote:
    :building a network at the moment that needs to connect HQ BRI with 3 remote
    :BRIs. I was thinking of 2621s all around for routing. What would be the
    :preferred FW for these 4 routers? Would a PIX 501 suffice? The remotes will
    :simply be dialling the HQ and the HQ would dial them back...

    A PIX 501 should not have any problem handling 128 Kbit/s
    or even 3*128 Kbit/s.

    However, the PIX 501 is sold with a "per user" license
    (10, 50, unlimited), which isn't really per user but per-inside-host.
    If you are going to have more than 10 hosts active near-simultaneously
    (within about 3 minutes) then the entry 10-user 501 would not
    be sufficient.

    Considering that 128 Kbit/s is not very fast, I suspect each
    of your remote sites likely is not going to have more than 50
    simultaneous users... but more than 10 simultaneous is not out
    of the question on a line like that, especially if the machines
    have automated POP3 checking or something similar that is frequent
    but usually of low volume. Your HQ could plausibly need to be
    able to communicate with more than 50 total remote hosts within
    a short period (e.g., scanning to see if they have the latest
    patch installed.)

    The current street pricing on a PIX 501 with 50 user license is
    about 2/3 of the current street pricing of a PIX 506E. The
    506E is a noticeably faster device, and has no per-user/per-host
    licensing.

    My recommendation is that in any location in which more than
    10 hosts might be contacted within a short time, it is
    better to go with a 506E than with a 501 with 50-user license.
    The $US200 price difference gets quickly eaten up in additional
    support costs when the license breaks things.


    We have a 501 with 50 user license, dating back to the time
    when the 506E was nearly twice the price it is now. I hit the
    licensing limit on it every time I 'nmap' the remote LAN
    trying to figure out what devices are installed on it these days.
    The remote LAN is only about 3 IP addresses wide as far as the
    outside world is concerned, but I'm accessing it over a VPN
    so I get the full internal /24 -- and the process of building a
    translation to ARP for a remote machine counts as using a license slot
    per remote address. Only about 20 of the IPs are populated, but my
    VPN probes to figure out -which- 20 get messed up by the 50 license limit.
    --
    "WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG"
    WHEN QUINED, YIELDS A TORTOISE'S LOVE-SONG. (GEB)
    Walter Roberson, Oct 23, 2003
    #2
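
The sizing rule from post #2, as an added example that is not part of any post in this thread: it counts the distinct addresses touched in a sliding window and picks the smallest 501 license tier that covers the peak. The 180-second window is an assumption taken from the post's "within about 3 minutes", and the traffic samples and 192.0.2.x addresses are constructed.

```python
from collections import Counter, deque

WINDOW_SECONDS = 180  # assumption: the post's "within about 3 minutes"
LICENSE_TIERS = [(10, "501 10-user"), (50, "501 50-user")]  # tiers named in the post


def peak_active_hosts(events, window=WINDOW_SECONDS):
    """events: (seconds, address) pairs sorted by time.
    Returns the largest number of distinct addresses seen inside any window."""
    recent = deque()    # events still inside the window
    active = Counter()  # address -> number of its events inside the window
    peak = 0
    for ts, host in events:
        recent.append((ts, host))
        active[host] += 1
        # Expire events that have aged out of the window.
        while recent and recent[0][0] <= ts - window:
            _, old = recent.popleft()
            active[old] -= 1
            if active[old] == 0:
                del active[old]
        peak = max(peak, len(active))
    return peak


def smallest_sufficient_license(peak):
    """Map a peak host count to the smallest option that does not hit the limit."""
    for limit, name in LICENSE_TIERS:
        if peak <= limit:
            return name
    return "unlimited 501 or 506E"


def office_polling(n_hosts, minutes=10):
    # Constructed sample: every host checks mail once a minute.
    return sorted((m * 60 + h, f"192.0.2.{h + 1}")
                  for m in range(minutes) for h in range(n_hosts))


def subnet_sweep():
    # Constructed sample: one probe per second across a /24, populated or not.
    return [(i, f"192.0.2.{i + 1}") for i in range(254)]


if __name__ == "__main__":
    for label, events in [("8 hosts polling", office_polling(8)),
                          ("14 hosts polling", office_polling(14)),
                          ("/24 sweep", subnet_sweep())]:
        peak = peak_active_hosts(events)
        print(f"{label}: peak {peak} -> {smallest_sufficient_license(peak)}")
```

The sweep case shows why the scan described in the post hits the 50-host limit even though only about 20 addresses are populated: every probed address counts, not just the ones that answer.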

  3. Hi,

    The 2621's would be a little overkill to support a single bri interface. Are
    you sure you want the firewall if you're in a completely private network?
    You could go for one of the Cisco 17xx bundles with integrated firewall
    ios'es, they're cheaper than "2621 with pix506"-bundles.

    Erik


    "GMK" <> wrote in message
    news:ELMlb.4$-net.net...
    > Hi everyone,
    >
    > building a network at the moment that needs to connect HQ BRI with 3 remote
    > BRIs. I was thinking of 2621s all around for routing. What would be the
    > preferred FW for these 4 routers? Would a PIX 501 suffice? The remotes will
    > simply be dialling the HQ and the HQ would dial them back...
    >
    > Rgds,
    >
    > KG
    >
    >
    Erik Tamminga, Oct 24, 2003
    #3
  4. GMK

    GMK Guest

    On a couple of the 2621 I will require the 4 port BRI net module... hence
    the 2600 series.

    KG


    "Erik Tamminga" <> wrote in message
    news:3f99232f$0$2737$...
    > Hi,
    >
    > The 2621's would be a little overkill to support a single bri interface. Are
    > you sure you want the firewall if you're in a completely private network?
    > You could go for one of the Cisco 17xx bundles with integrated firewall
    > ios'es, they're cheaper than "2621 with pix506"-bundles.
    >
    > Erik
    >
    >
    > "GMK" <> wrote in message
    > news:ELMlb.4$-net.net...
    > > Hi everyone,
    > >
    > > building a network at the moment that needs to connect HQ BRI with 3 remote
    > > BRIs. I was thinking of 2621s all around for routing. What would be the
    > > preferred FW for these 4 routers? Would a PIX 501 suffice? The remotes will
    > > simply be dialling the HQ and the HQ would dial them back...
    > >
    > > Rgds,
    > >
    > > KG
    GMK, Oct 24, 2003
    #4