[VPN] VPN and FW separated or integrated ?

Joel M Snyder Joel.Snyder at Opus1.COM
Mon Mar 31 17:55:20 EST 2003


Well, first of all, the PIX does not give you "all the VPNing 
capabilities you could dream of."  In fact, the PIX rates somewhere 
between "awkward" and "dysfunctional" when it comes to remote access VPN 
capabilities.  I won't comment on its capabilities for firewalling.

There are very good remote access VPN products from Cisco, and you've 
seen them: the Altiga (VPN 3000) products.  If you were to actually try 
and deploy with PIX versus Altiga, you would quickly discover the 
differences in their capabilities and functions, particularly as you got 
up to the 300 user level with a combination of 3002 and software 
clients.  (Other vendors who do this well include Check Point, 
NetScreen, Avaya, and Nortel.)

This is not to say that the PIX isn't a very good site-to-site VPN 
device---it does that fairly well, particularly with the newer versions 
of Cisco's VMS management tool.

Generally, there are lots of reasons to keep firewall and VPN in 
separate boxes, just as there are lots of reasons to put them in the 
same box.  You need to really characterize lots of things in your 
environment, including both technical and political issues, to decide 
which is the best for your company.  Certainly, the decision should not 
hinge on whether or not a particular company's products integrate the 
function well.  In other words, you should design the correct solution, 
and only then figure out which products and services will provide the 
solution you want.

jms

Rudi Pierquin wrote:
> Hi,
> 
> We are currently looking to implement a homeworking
> solution for max 300 users. For this matter, I am
> wondering if any of you could tell me what is the
> benefit in buying separately VPN and firewall device.
> More specifically, comparing the Cisco VPN3000 box
> with the PIX firewall, can somebody tell me why I should
> use a VPN3000 box if a PIX535 with 6.3 software on
> it gives me all the VPN and FW capabilities I could
> dream of?
> 
> Many thanks,
> 
> Rudi


-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms at Opus1.COM    http://www.opus1.com/jms    Opus One



