PIX 506

Posted on 2005-05-14
Last Modified: 2010-04-11
I am in the process of connecting two buildings together utilizing WiFi and it was recommended by the vendor to also drop a PIX-506 on each end then create a tunnel that the data between the two sites will pass through.  Neat idea I said, but I am new to VPN stuff and wonder if anybody has a sample as to how to accomplish this?  Any suggestion is greatly appreciated.  I am stuck on using the PIX-506.

As always, thank you for your time on this matter.
Question by:CVCB-NetAdmin
    LVL 7

    Expert Comment

    Then you are so far up a creek that a paddle will be useless!

    Tell the vendor to get stuffed and buy a couple of simple VPN devices (Juniper Netscreen or Sonicwall are good bets).

    Actually, thinking about it - why do you need to VPN over your private WiFi connection anyway? I assume you have enabled security at each endpoint so they can only talk to each other? If so, then your vendor is screwing you into buying rubbish end-of-life kit that he wants to shift! Dump the vendor, sort out a rotating encryption key wifi security system and forget the VPN.
    LVL 16

    Accepted Solution

    VPN Tunnel Config:

    According to Cisco:
    The PIX 506 is designed specifically for the small office/remote office environment. It supports 10Mbps of regular traffic, and 4-7 Mbps of 3DES two-way encrypted traffic. The number of connections will be dictated by their individual bandwidth requirements, but in general you can expect something like 8-10. [generally used between LAN & Internet]
    The PIX 506 also supports IPsec VPNs and has two Ethernet connections.

    A PIX is a firewall with VPN options and a VPN 3000 is a VPN-only device. VPNs are most often used to tunnel across the Internet. Example: Although the VPN 3000 can be used for LAN-to-LAN connectivity, it is usually used for remote access and the Cisco 7100 for LAN-to-LAN.

    Other considerations:
    Cisco & other Wifi access points with line of sight between two buildings should allow 300' to 2000'.  These devices usually have good security capabilities.
    How far apart are your buildings & what Wifi devices are you using?
    For what security reason did the vendor think you needed PIX-506 Firewalls on either end - i.e., what do you want to accomplish?
    What is the number of network users in each building & what is your network bandwidth 10 Mb? 100Mb? 1Gb?
    Do you have Internet access in either building?
    Hope this helps!
    LVL 18

    Expert Comment


    I would have to agree with kbbcnet on this one, you really need to define what kind of WIFI connection (capacity) are you planning on using and how far the buildings are apart? Are you planning on using access points or routers and have you picked a brand? I think it is important in the sense that you might be able to get the functionality that you desire without having to get and configure pixii (sp?).

    It is possible to get WIFI bridges that use a combination of directional antennae and some sort of encrypted tunneling protocol that can traverse the distances mentioned without allowing external users to hop onto your network. If bandwidth is a concern there are wireless solutions that can scale up to T3 speeds, but everything comes with a cost.

    The PIX 506E is a pretty robust solution but at 1295 each I am not sure if that is what you really want.

    Hope this helps.

    LVL 79

    Expert Comment

    Since you are "stuck on using the PIX-506", it's a simple matter to create a LAN-LAN tunnel, but don't use the link that kbbcnet posted because you are not an Easy VPN client/server. Using the VPN Wizard in the GUI, it is a very painless process.
    Here's the command line explanation for a "Simple IPSEC LAN-LAN connection between two PIX's"

    I'm OK with using the VPN tunnel inside the wireless bridge. It's not a bad idea.
    You're not up a creek without a paddle.
    The PIX *is* a "simple VPN device" IMHO
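
The LAN-to-LAN tunnel discussed in the comment above, written out for both ends as an added example; it is not part of any poster's comment and not Cisco's own sample. It assumes PIX OS 6.x command syntax and a pre-shared key; every address, name and the key placeholder is constructed, and lines starting with `!` are annotations for the reader.

```text
! Constructed values (assumptions, not from this thread):
!   Site1 inside 10.1.1.0/24, outside 192.168.254.1 (faces the wireless bridge)
!   Site2 inside 10.2.2.0/24, outside 192.168.254.2
!
! ---------- Site1 PIX ----------
! Traffic to protect: Site1 LAN -> Site2 LAN; exempt it from NAT
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 101
route outside 10.2.2.0 255.255.255.0 192.168.254.2 1
! Let decrypted tunnel traffic bypass the outside interface ACL
sysopt connection permit-ipsec
! Phase 2 (IPsec): ESP with 3DES and SHA-1 HMAC
crypto ipsec transform-set TUNNELSET esp-3des esp-sha-hmac
crypto map SITEMAP 10 ipsec-isakmp
crypto map SITEMAP 10 match address 101
crypto map SITEMAP 10 set peer 192.168.254.2
crypto map SITEMAP 10 set transform-set TUNNELSET
crypto map SITEMAP interface outside
! Phase 1 (IKE): pre-shared key, policy must match the peer
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 192.168.254.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
!
! ---------- Site2 PIX (mirror image: ACL, route and peer reversed) ----------
access-list 101 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 101
route outside 10.1.1.0 255.255.255.0 192.168.254.1 1
sysopt connection permit-ipsec
crypto ipsec transform-set TUNNELSET esp-3des esp-sha-hmac
crypto map SITEMAP 10 ipsec-isakmp
crypto map SITEMAP 10 match address 101
crypto map SITEMAP 10 set peer 192.168.254.1
crypto map SITEMAP 10 set transform-set TUNNELSET
crypto map SITEMAP interface outside
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 192.168.254.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

The two access lists must mirror each other, and the ISAKMP policy, transform set and key must be identical on both ends. Running `show crypto isakmp sa` and `show crypto ipsec sa` on either PIX confirms whether both phases came up.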

    LVL 79

    Expert Comment

    BTW, yes, the classic 506 "is" end-of-lifed, but the 506e model is still being sold and supported, and will be for a good long time.
    The "e" stands for "enhanced VPN capabilities"
    It also adds 10/100 capabilities to the old 10Mb only of the original 506

    LVL 16

    Expert Comment

    Configuring Cisco SOHO VPNs:
    Site1 & Site2
    IKE & IPSEC  
    Configuration Examples
    Troubleshooting procedures
