Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PIX 506

Posted on 2005-05-14
7
Medium Priority
?
201 Views
Last Modified: 2010-04-11
I am in the process of connecting two building together utilizing WiFi and it was recommended by the vendor to also drop a PIX-506 on each end then create a tunnel that the data between two site will pass thru.  Neat idea I said, but I am new to VPN stuff and wonder if anybody has a sample as to how to accomplish?  Any suggestion is greatly appreciated.  I am stuck on using the PIX-506.

As always, thank you for your time on this matter.
0
Comment
Question by:CVCB-NetAdmin
7 Comments
 
LVL 7

Expert Comment

by:CiaranDolan
ID: 14003941
Then you are so far up a creek that a paddle will be useless!

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2115/

Tell the vendor to get stuffed and buy a couple of simple VPN devices (Juniper NEtscreen or Sonicwall are good bets).

Actually, thinking about it - why do you need to VPN over your private WiFi connection anyway? I assume you have enabled security at each endpoint so they can only talk to each other? If so, then your vendor is screwing you into buying rubbish end-of-life kit that he wants to shift! Dump the vendor, sort out a rotating rncryption key wifi security system and forget the VPN.
0
 
LVL 16

Accepted Solution

by:
kbbcnet earned 1500 total points
ID: 14003954
VPN Tunnel Config: http://www.cisco.com/en/US/tech/tk827/tk369/tk388/tsd_technology_support_sub-protocol_home.html
----------------------------

According to Cisco:
The PIX 506 is designed specifically for the small office/remote office environment. It supports 10Mbps of regular traffic, and 4-7 Mbps of 3DES two-way encrypted traffic. The number of connections will be dictated by their individual bandwidth requirements, but in general you can expect something like 8-10. [generally used between lan & internet]
The PIX 506 also supports IPsec VPNs and has two ethernet connections.

A PIX is a firewall with VPN options and a VPN 3000 is VPN only device. VPNs are most often used to tunnel across the Internet. Example: Although VPN 3000 can be used for lan to lan conectiivty, it is usually used for remote access and the Cisco 7100 for Lan to lan.
----------------------

Other considerations:
Cisco & other Wifi access points with line of sight between two building should allow 300' to 2000'.  These devices usually have good security capabilites.
How far apart are your buildings & what Wifi devices are you using?
For what security reason did the vendor think you needed PIX-506 Firewalls on either end - i.e, what do you want to acomplish?
What is the number of network users in each building & what is your network bandwidth 10 Mb? 100Mb? 1Gb?
Do you have Internet access in either building?
-------------------
Hope this helps!
0
 
LVL 16

Expert Comment

by:kbbcnet
ID: 14007708
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 18

Expert Comment

by:decoleur
ID: 14014166
CVCB-NetAdmin-

I would have to agree with kbbcnet on this one, you really need to define what kind of WIFI connection (capacity) are you planing on using and how far the buildings are apart? Are you planning on using access points or routers and have you picked a brand. I think it is important in the sense that you might be able to get the functionality that you desire without having to get and configure pixii (sp?).

It is possible to get WIFI bridges that use a combination of directional antennae and some sort of encrypted tunneling protocol that can traverse the distances mentioned without allowing external users to hop onto your network. If bandwidth is a concern there are wireless solutions that can scale up to T3 speeds, but everything comes with a cost.

The PIX 506E is a pretty robust solution but at 1295 each I am not sure if that is what you really want.

Hope this helps.

-t
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14017642
Since you are "stuck on using the PIX-506", it's a simple matter to create a LAN-LAN tunnel, but don't use the link that kbbcnet because you are not an Easy VPN client/server. Using the VPN Wizard in the GUI, it is a very painless process.
Here's the command line explaination for a "Simple IPSEC LAN-LAN connection between two PIX's"
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

I'm OK with using the VPN tunnel inside the wirless bridge. It's not a bad idea.
You're not up a creek without a paddle.
The PIX *is* a "simple VPN device" IMHO

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14017657
BTW, yes, the classic 506 "is" end-of-lifed, but the 506e model is still being sold and supported, and will be for a good long time.
The "e" stands for "enhanced VPN capabilities"
It also adds 10/100 capabilities to the old 10Mb only of the original 506

0
 
LVL 16

Expert Comment

by:kbbcnet
ID: 14028191
------------
Configuring Cisco SOHO VPNs:
Site1 & Site2
IKE & IPSEC  
Confiuration Examples
Troubleshooting procedures
http://www.linuxhomenetworking.com/cisco-hn/vpn-cisco.htm
------------
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question