PIX 506

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Hi

I've noticed that the PIX 506 doesn't appear to be stocked by most
suppliers, is there a newer replacement?

Thanks
Ewan.

Re: PIX 506


wrote:

| Hi
|
| I've noticed that the PIX 506 doesn't appear to be stocked by most
| suppliers, is there a newer replacement?

It's end of life.
ASA5505 is its replacement.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/prod_eol_notice0900aecd80731dfa.html

Re: PIX 506


* Ewan McNab wrote:
Quoted text here. Click to load it

All PIXes are EOL and EOS. Please stick to ASA.

Re: PIX 506
Hello,

We have just recently connected to our company's large domain.  Our
little subsidiary here consist of about 300 people.  We were connected
in the following manner:

[Corporate]
     |
     |
[Some Router]
     |
     |
[Our Company's Server LAN] (This includes our e-mail server)
     |
     |
[Pix 506]
     |
     |
[Our Company's LAN]

I've taken a look at the Pix, and everything looks correct.  However,
ever since we put in the PIX, there are people on the network that have
trouble sometimes connecting to the e-mail server.  Eventually,
everything will connect, but sometimes it takes 30 seconds to a minute.
 The PIX is configured so that [Our Company's LAN] is actually on the
outside of it.  I thought that was funny since we are considered to be
the bad people, but it does make sense.  It's also configured so that
it responds to any ARP request for anybody on [Our Company's LAN].  I'm
wondering if the PIX just can't support 300 users trying to connect to
our e-mail server.  If we upgrade the PIX 506 to a larger better PIX,
will this possibly solve the situation?

Thanks,
-- Jim


Re: PIX 506
300 users for a PIX-506, imho is suicide. i'm not sure what the exact
specs are for these 'soho' firewalls but please do not forget the 's'
which stands for 'small'. again, imho, you need to upgrade to at least
a 515. but please review my notes below prior to upgrading for an
upgrade will not necessarily fix a bigger configuration problem.


* you mentioned that 'everything looks correct' on the pix.
* you mentioned that '[Our Company's LAN] is actually on the outside of
it.  I thought that was funny since we are considered to be the bad
people, but it does make sense.'

i don't believe that you should be seeing a significant amount of users
having problems accessing network services, unless, something is not
configured properly.

double-check your configuration (again), unless you want to post your
config and give everyone the opportunity to review it. otherwise, i
find it a little disconcerting as to how you have placed your LAN on
the 'outside' interface of the firewall. this *will* change how you
apply statics, nats, globals and acls, among other things, on your PIX.

do not upgrade unless you are 100% sure, your config is clean.


CWP wrote:
Quoted text here. Click to load it
connected
have
minute.
be
I'm
to


Site Timeline