[VPN] Recommendations

Siddhartha Jain losttoy2000 at yahoo.co.uk
Fri Apr 9 03:22:46 EDT 2004


> I've looked at the PIX-501, but I've always been a
> little scared of per-user
> licensing. If I purchased a 10-user PIX-501, and set
> it behind the SDSL at
> the main office, it would only allow 10 users to get
> Internet access?

Yes, it will only allow 10 IP addresses to pass out to
the internet. Maybe, you could setup a web proxy (if
its only web access that your users want) and then NAT
it to go out. That way you can do with a 10-user
license.

> 
> No matter what product I choose, would a
> site-to-site VPN work with a static
> address on one side and a dynamic on the other?

Yes, you can do this. Look at:
http://cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

> 
> Would any PIX handle PPPoE with a dynamically
> assigned IP?

Why do you want to do PPPoE? Do IPSec.

> The company is cost-conscious, and I've looked at
> the PIX-506E, without the
> per-user licensing, but it is 50% more.

Your management bought an AS/400 but can't afford a
PIX 506E?? :)

> 
> Any comments or suggestions as to which products I
> should look at would be a
> great boon to me. I prefer Cisco products, because I
> am familiar with their
> interface, but am flexible.
> 

Look at Sonicwall and NetScreen. Both pack in more
features that Cisco PIX, both have pretty good web
GUIs and simpler configuration.

A tip on PIX: If you plan on using its Web GUI, then
configure it from scratch using the GUI. If you
configure it from CLI during installation and later
try to switch to the GUI, you may run into trouble.

HTH,

Siddhartha



	
	
		
____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html



More information about the VPN mailing list