PIX 506 or 515?

Hi all,

In our small office, about 20 users, some users are mobile users and they connect to our network using 56k modem through MS VPN. At the moment we only have MS proxy server for security and we know it is not enough, so we decide to have a PIX. But, I am not sure whether I should get 506 or 515. After studying some information on net, I know that 506 can not upgrade and 515 is more flexible for future upgrade. Let say, if our company will not have more than 20 people for the next 2 year. Can 506 do the job? VPN is also a issue, should I use Cisco VPN or stick to MS VPN? PPTP or L2TP? DES or 3DES? I know it is better to use Cisco VPN for security but my other concern is the speed because some mobile user use 56k modem. Any input will be appreciated.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

My vote goes to the 515R (Restricted user license vs unrestricted - big differnce in price, and you can upgrade later if you have more than 100 users).
The 515 supports IPSEC VPN's to Cisco IPSEC client at up to 168-bit 3DES encryption. The 506 is restricted to 4 simultaneous users. The 506 is really designed for SOHO 2-4 user environments.
In sum:
PIX 515R
Cisco IPSEC Client (zero cost) using 3DES encryption

Do the users dial directly into a modem bank at your location? If so, regardless of 56k modems or not, you will only see 33.6 or 36k tops because both ends are analog.
Option: Get a direct Internet connection (frac T-1 or something), and set your users up with dial-up Internet accounts (AOL, AT&T Worldnet, UUDIAL, etc). User dials into the ISP (connects at 43-53K at digital modem bank), and then opens the IPSEC connection to your firewall. Now you don't have to maintain the modem bank and your PPTP server can be used elsewhere.
kwankAuthor Commented:

Thanks for your input.
Sorry, I did not make it clear on my quesiotn. Our server do have a lease line directly connect to the internet and moblie users do use the method that you mention to connect to our server. What is the speed like if we have Cisco IPSEC Client using 3DES encryption compare to MS VPN Client? Is it acceptable for 56k modem?  

I think the speed is better with Cisco IPSEC than with Microsoft PPTP, but over 56k you really can't tell the difference.
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

I think the speed is better with Cisco IPSEC than with Microsoft PPTP, but over 56k you really can't tell the difference.
kwankAuthor Commented:

Last question, how do I make the PIX 515R and Cisco IPSEC client to work with the NT4 server which is also a PPTP and proxy server?

There are many ways to do it..
Any more specific than this, I think you should open a new question..

use your PIX in place of the PPTP server
With IPSEC client
With MS VPN Client

PPTP Behind the firewall
(See Using Firewall Ports)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.