Doubts about firewall Cisco PIX as VPN termination device

Jose Muniz MuniX-1 at PACBELL.NET
Wed Jan 17 23:44:18 EST 2001


I do not think that there are any security issues as long as you
implement it well, and the biggest security void might be human error
and/or bad implementation.
For this purpose there are much better firewall/VPNs that I will use for
a remote access solution.
FW/VPNs are like cars: there are some of them that are good for the
typical company "Corp" that has a firewall dude and does not do anything
other than click around on the lame GUI.
There are others that are good for e-commerce and B2C and B2B
implementations, and yet there is another kind that is well suited for
ASPs etc.
There are some others that are good for nothing...
The thing to keep in mind is that the PIX is, inside, under the hood, a
cheap PC.

Soooo.... If you do the math with a 600 megahertz CPU you can only
encrypt so much data burning cycles, and the math will show that it is
not a good idea to use a Pentium for encryption... there are crypto DES
and 3DES cards out there; however, they are costly, so it adds up.
Just look for something that uses ASICs to do the crypto and
firewalling stuff.

Jose Muniz

Venicio Vilas-Bôas wrote:
>
>      We have a firewall Cisco PIX. We would like to implement remote
> access. I read in FAQs that "by doing VPN on an existing firewall, you add
> some intense processing to a device whose original purpose was, simply
> speaking, to control network access" and I also read that "because of
> security reasons we don't recommend to use the PIX as VPN termination
> device". So I have some doubts:
>
> 1) Can I or can I not use the firewall Cisco PIX as a VPN termination
> device? What are the security reasons for not using the firewall Cisco PIX
> as a VPN termination device?
>
> 2) How many VPN sessions does a firewall Cisco PIX support?
>
> 3) I have a document from Cisco denominated "An introduction to IP
> Security (IPSec) Encryption", which shows how to configure firewall IKE.
> This document permits configuring the ISAKMP SA using pre-shared keys or
> CA. I would like to know whether this document is enough to configure
> the firewall Cisco PIX as a VPN termination device or whether I need
> other documentation.
>
> 4) What are the differences between using the firewall Cisco PIX and the
> Cisco CVPN 3005 as VPN termination devices?
>
> I am looking forward to hearing from you and thank you in advance for your
> help.
>
> Venicio
>
> VPN is sponsored by SecurityFocus.COM
