?
Solved

PIX 506 or 515?

Posted on 2001-08-16
6
Medium Priority
?
282 Views
Last Modified: 2010-04-11
Hi all,

In our small office, about 20 users, some users are mobile users and they connect to our network using 56k modem through MS VPN. At the moment we only have MS proxy server for security and we know it is not enough, so we decide to have a PIX. But, I am not sure whether I should get 506 or 515. After studying some information on net, I know that 506 can not upgrade and 515 is more flexible for future upgrade. Let say, if our company will not have more than 20 people for the next 2 year. Can 506 do the job? VPN is also a issue, should I use Cisco VPN or stick to MS VPN? PPTP or L2TP? DES or 3DES? I know it is better to use Cisco VPN for security but my other concern is the speed because some mobile user use 56k modem. Any input will be appreciated.

Thanks,
Kwank
0
Comment
Question by:kwank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 6395295
My vote goes to the 515R (Restricted user license vs unrestricted - big differnce in price, and you can upgrade later if you have more than 100 users).
The 515 supports IPSEC VPN's to Cisco IPSEC client at up to 168-bit 3DES encryption. The 506 is restricted to 4 simultaneous users. The 506 is really designed for SOHO 2-4 user environments.
In sum:
PIX 515R
Cisco IPSEC Client (zero cost) using 3DES encryption

Do the users dial directly into a modem bank at your location? If so, regardless of 56k modems or not, you will only see 33.6 or 36k tops because both ends are analog.
Option: Get a direct Internet connection (frac T-1 or something), and set your users up with dial-up Internet accounts (AOL, AT&T Worldnet, UUDIAL, etc). User dials into the ISP (connects at 43-53K at digital modem bank), and then opens the IPSEC connection to your firewall. Now you don't have to maintain the modem bank and your PPTP server can be used elsewhere.
0
 

Author Comment

by:kwank
ID: 6395365
Irmoore,

Thanks for your input.
Sorry, I did not make it clear on my quesiotn. Our server do have a lease line directly connect to the internet and moblie users do use the method that you mention to connect to our server. What is the speed like if we have Cisco IPSEC Client using 3DES encryption compare to MS VPN Client? Is it acceptable for 56k modem?  

Thanks,
Kwank
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6395515
I think the speed is better with Cisco IPSEC than with Microsoft PPTP, but over 56k you really can't tell the difference.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 79

Expert Comment

by:lrmoore
ID: 6396748
I think the speed is better with Cisco IPSEC than with Microsoft PPTP, but over 56k you really can't tell the difference.
0
 

Author Comment

by:kwank
ID: 6400838
Irmoore,

Last question, how do I make the PIX 515R and Cisco IPSEC client to work with the NT4 server which is also a PPTP and proxy server?

Thanks,
Kwank
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 800 total points
ID: 6400876
There are many ways to do it..
Any more specific than this, I think you should open a new question..

use your PIX in place of the PPTP server
With IPSEC client
http://www.cisco.com/warp/customer/110/pix3000.html
With MS VPN Client
http://www.cisco.com/warp/customer/110/pptppix.html

PPTP Behind the firewall
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/tips/15tipsfo.asp
(See Using Firewall Ports)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question