Could a cisco pix 501 - 515 be used for Lan-To-Lan VPN ?

Posted on 2005-05-09
Last Modified: 2010-05-18
I need to setup a VPN between 4 sites (Mainly for 3 of the sites to access ressources in the 4th one)
For now it's only Lan-to-Lan but i also need to think about direct connections from users at home (Later, and not so urgent).
The main site has 25 users, and the 3 others, 5 users each.
Each site has fast internet connection, possibly with fixed ip adresses if needed.

We have no administrators (And only one programmer, me), but i have heard that pix501 for the 3 small sites and pix515 for the main site could be good solutions.
But it seem that thoses hardwares they are mainly routers (unlike VPN 3000 series) and i need to known if i could use them like that (Is it possible, did it has big performance concequences, ...).

I put 500 points because the question is prety urgent, and what i search is more a "Do the choice for me, corresponding to my criteria" that a simple question.
Question by:virtualblackfox
    LVL 43

    Assisted Solution

    That is the way to go.  PIX 515 at the main office and PIX 501's at the remote offices.  VPN tunnels will work like a charm.
    LVL 13

    Assisted Solution

    There are a lot of potential options out there for doing what you want to do, but I don’t see any reason a PIX solution wouldn’t be a good option, I know it would be at the top of my list, and once it’s deployed it should be about as service free as it gets. You will want to get fixed addresses all around, but you will really want that for any solution you might choose as even if you can get it to work with dynamic addresses, having fixed ones will make it easer to troubleshoot.    
    LVL 79

    Accepted Solution

    Agree with all above, but the 515e might be overkill for the main site. You could easily get by with a 506e for 1/2 the cost.
    Fixed IP on the main site and it really doesn't matter at the remotes.

    Data sheet:

    Words of advice:
    * You can most likely qualify for free 3DES license key upgrade. Quick and easy form to fill out online and get your new key in minutes.
    * Get SmartNet maintenance - 8x5xnext business day on all Cisco products, and keep it renewed anually.. you'll be glad you did.. free upgrades to 7.0 "lite" for the 501's and 506 when it comes out..


    Author Comment

    Thanks a lot everyone, specially lrmoore for the advices.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now