[vpn] Difference between PIX and VPN 3000

Dana J. Dawson djdawso at qwest.com
Fri Jun 14 13:05:06 EDT 2002


Siddhartha Jain wrote:

> Hi,
>
> Whats the difference between the VPN features of a
> Cisco PIX and that of a Cisco VPN 3000?
>
> Regards,
>
> Siddhartha
>
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
>
> VPN is sponsored by SecurityFocus.com

The VPN 3000 is a full featured remote client access VPN concentrator, but has
no true firewall features (only the equivalent of packet filtering
access-lists).  It can do site-to-site VPN as well, but that's not it's primary
function.

The PIX is primarily a firewall, and can also do VPN.  It's a little better at
site-to-site than remote client access, since it doesn't support the IPSec
through NAT features that the 3000 does, and it also does not support local
username/password configuration that the 3000 does.  These restrictions are
significant enough that I usually recommend to customers who really want VPN
client access into a PIX that they use Microsoft PPTP instead of the Cisco
client, mostly because of the NAT issue.

So, if you want a firewall and only need a few VPN clients, go with a PIX.  If
you have significant VPN client requirements, go with the 3000.

HTH

Dana

--
Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Global Services              (612) 664-3364
Qwest Communications               (612) 664-4779 (FAX)
600 Stinson Blvd., Suite 1S
Minneapolis  MN  55413-2620

"Hard is where the money is."



VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list