[vpn] Difference between PIX and VPN 3000
Dana J. Dawson
djdawso at qwest.com
Fri Jun 14 13:05:06 EDT 2002
Siddhartha Jain wrote:
> Hi,
>
> Whats the difference between the VPN features of a
> Cisco PIX and that of a Cisco VPN 3000?
>
> Regards,
>
> Siddhartha
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
>
> VPN is sponsored by SecurityFocus.com
The VPN 3000 is a full featured remote client access VPN concentrator, but has
no true firewall features (only the equivalent of packet filtering
access-lists). It can do site-to-site VPN as well, but that's not it's primary
function.
The PIX is primarily a firewall, and can also do VPN. It's a little better at
site-to-site than remote client access, since it doesn't support the IPSec
through NAT features that the 3000 does, and it also does not support local
username/password configuration that the 3000 does. These restrictions are
significant enough that I usually recommend to customers who really want VPN
client access into a PIX that they use Microsoft PPTP instead of the Cisco
client, mostly because of the NAT issue.
So, if you want a firewall and only need a few VPN clients, go with a PIX. If
you have significant VPN client requirements, go with the 3000.
HTH
Dana
--
Dana J. Dawson djdawso at qwest.com
Senior Staff Engineer CCIE #1937
Qwest Global Services (612) 664-3364
Qwest Communications (612) 664-4779 (FAX)
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620
"Hard is where the money is."
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list