Doubts about firewall Cisco PIX as VPN termination device

Venicio Vilas-Bôas venicio_boas at BR.SCHINDLER.COM
Wed Jan 17 06:51:10 EST 2001

     We have a firewall Cisco PIX. We would like to implement remote
access. I read at FAQs that " by doing VPN on an existing firewall, you add
some intense processing to a device whose original purpose was simply
speaking, to control network access" and I also read that " because of
security reasons we don't recommend to use the PIX as VPN termination
device"  Then  I have some doubts:

1 ) Can I use or not firewall Cisco PIX as VPN termination device ? What is
the security reasons for not using firewall Cisco PIX as a VPN termination
device ?

2) How many VPN sessions a firewall Cisco PIX support ?

3 ) I have a documentation from Cisco denominated "An introduction to IP
Security (IPSec) Encryption" , which shows how configure firewall IKE. This
documentation permits configure ISAKMP SA using pre-shared Keys or CA. I
would like to know  whether this documentation is enough for configure
firewall Cisco PIX  as a VPN trermination device or I need another
documentation ?

4 ) What differences among using firewall Cisco PIX and Cisco CVPN 3005 as
VPN termination devices?

I am look forward to hearing from you and thank you in advance for your


VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list