[VPN] VPN and FW separated or integrated ?

Ryan Malayter rmalayter at bai.org
Mon Mar 31 18:06:25 EST 2003

I really can't think of any security benefits to having separate devices. Internally, the 535 can behave as a VPN device and a firewall placed serially on the network.

From what I read in Cisco's literature, the 535 has every feature and capacity that the 3000 series has to offer. The PIX 535 supports 440 Mbps of triple-DES encrypted IPsec traffic, so I don't think you're going to be stretching the bounds of the PIX device unless you have a 622 Mbps OC-12 or better internet pipe.

The only reason to have separate devices, in my mind, is if you want to separate firewall and VPN administration to a degree not possible on a single device like the PIX. For example, you may not want administrators with root-level access to the firewall to be able to control anything on the VPN side. Or you may want separate physical administration of one box or the other for some high-security application. 

In my opinion, you should probably look at other manufacturers as well... Cisco's not known for having the best price/performance ratio in the industry.

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key: http://www.malayter.com/pgp-public.txt
I am prepared to meet my Maker. Whether my Maker is prepared for the great ordeal of meeting me is another matter.
     -Sir Winston S. Churchill

-----Original Message-----
From: Rudi Pierquin [mailto:pierudi at yahoo.fr] 
Sent: Monday, March 31, 2003 8:31 AM
To: vpn at lists.shmoo.com
Subject: [VPN] VPN and FW separated or integrated ?


We are currently looking to implement a homeworking
solution for max 300 users. For this matter, I am
wondering if any of you could tell me what is the
benefit in buying separately VPN and firewall device.
More specifically, comparing the Cisco VPN3000 box
with the PIX firewall, can somebody tell me why should
I use a VPN3000 box if a PIX535 with 6.3 software on
it gives me all the VPN and FW capabilities I could
dream of ?

Many thanks,

