[vpn] Difference between PIX and VPN 3000

Jim Terry jtixthus at attbi.com
Sun Jun 16 12:41:38 EDT 2002 

Hi all,

My guess was with the new PIX with the e after the model was the
concentrator was probably on its way out.  The new PIXs do as many IPSEC
tunnels as the Concentrators.

Additionally, for username and password configuration you need AAA.

JT

----- Original Message -----
From: "Dana J. Dawson" <djdawso at qwest.com>
To: "Siddhartha Jain" <losttoy2000 at yahoo.co.uk>
Cc: <vpn at securityfocus.com>
Sent: Friday, June 14, 2002 10:05 AM
Subject: Re: [vpn] Difference between PIX and VPN 3000


> Siddhartha Jain wrote:
>
> > Hi,
> >
> > Whats the difference between the VPN features of a
> > Cisco PIX and that of a Cisco VPN 3000?
> >
> > Regards,
> >
> > Siddhartha
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Everything you'll ever need on one web page
> > from News and Sport to Email and Music Charts
> > http://uk.my.yahoo.com
> >
> > VPN is sponsored by SecurityFocus.com
>
> The VPN 3000 is a full featured remote client access VPN concentrator, but
has
> no true firewall features (only the equivalent of packet filtering
> access-lists).  It can do site-to-site VPN as well, but that's not it's
primary
> function.
>
> The PIX is primarily a firewall, and can also do VPN.  It's a little
better at
> site-to-site than remote client access, since it doesn't support the IPSec
> through NAT features that the 3000 does, and it also does not support
local
> username/password configuration that the 3000 does.  These restrictions
are
> significant enough that I usually recommend to customers who really want
VPN
> client access into a PIX that they use Microsoft PPTP instead of the Cisco
> client, mostly because of the NAT issue.
>
> So, if you want a firewall and only need a few VPN clients, go with a PIX.
If
> you have significant VPN client requirements, go with the 3000.
>
> HTH
>
> Dana
>
> --
> Dana J. Dawson                     djdawso at qwest.com
> Senior Staff Engineer              CCIE #1937
> Qwest Global Services              (612) 664-3364
> Qwest Communications               (612) 664-4779 (FAX)
> 600 Stinson Blvd., Suite 1S
> Minneapolis  MN  55413-2620
>
> "Hard is where the money is."
>
>
>
> VPN is sponsored by SecurityFocus.com
>


VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list