[vpn] Planing a VPN - Are we doing the best thing ?

Dana J. Dawson djdawso at qwest.com
Mon Jan 21 12:32:56 EST 2002 

You can do the site-to-site stuff with the PIX, but the 506 is limited to 25
total VPN peers, including VPN clients (this was changed in the PIX 6.1 software
- the old limit was 4 peers, but that conflicted with the new PIX 501).  Whether
this is enough to support your pool of users is tough to say.  I usually scale
VPN hardware by the bandwidth of encrypted traffic required, at least as a first
rough estimate.  The PIX 506 CPU is fast enough to do about 6 Mbits of 3DES (the
Cisco numbers vary on this), so even if you have a T1 you'll probably be ok,
especially if your encrypted traffic is only part of the traffic through the
PIX.  You're more likely to run into feature limits with the VPN client support,
since the PIX doesn't support all the features that a dedicated VPN concentrator
does.  The biggest missing feature is IPSec through NAT, which is a pretty
common requirement with all the DSL and cable modems out there.  With a pool of
around 30 users you're kind of on the border line of where a concentrator is
worth the cost.  A Cisco 3000 series concentrator starts at around $4000, and
there are cheaper ones from other vendors, so shop around.

HTH

Dana

-- 
Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Global Services              (612) 664-3364
Qwest Communications               (612) 664-4779 (FAX)            
600 Stinson Blvd., Suite 1S        
Minneapolis  MN  55413-2620

"Hard is where the money is."


"Phillips, Kevin" wrote:
> 
> I have an office of 35 people and need to connect to 2 other offices of
> similar size. We will also have about 30 people total that will need access
> from home and on the road.
> The parent company IT group tell us we need to use the PIX 506 plus a 2000
> server running ISA for the firewall/VPN. I get the impression that the 506
> is not big enough and that a 515 is more suitable.
> I have looked around on vpnlabs.org and found a lot of info but still need a
> dummies guide to VPN.
> Thanks all,
> 
> Kevin Phillips
> IT Systems technician
> Barco Graphics
> 40 Westover Road
> Ludlow, MA 01056
> kevin.phillips at barco.com
> 
> VPN is sponsored by SecurityFocus.com

VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list