Any replacement for Cisco 831?

The 831 is still a fine system - I just recently deployed one for VPN access into a friend's home network, and it works great.

However, if you want something newer / faster, you may want to take a look at the 851/871.

Cheers,

Aaron

Sure, the 851 and 871.

Depends on the product really. How long did the 25xx last in the market place before finally being EOL'd? 10 years? Even its replacement still is only just being EOL'd.

At the small-end, its all software. The hardware just gets faster and faster, and has more RAM and Flash available. The 8xx boxes are already restricted by its memory limits, they don't get all the IOS toys in anyway, because they are fairly small compared to the rest of the line.

Well, not right about your guesses, they are about the same either way to learn, and the VPN commands on the PIX are almost identical to the equivilent IOS commands. Its really what you want to do with them, and where you want to take your learning. The PIX is more fixed in what it can do, with good reason to be, but if you want to be working in security, you'll need to know PIX.

:>I want to connect two SOHO networks and I am leaning :>towards a CISCO 831 vs PIX 501. I prefer to learn to use :>a router rather than a firewall. And I am guessing creating VPN :>tunners between the two offices is easier with the 831 than the PIX 501. :>Am I right with my choice of 831?

:Well, not right about your guesses, they are about the same either :way to learn, and the VPN commands on the PIX are almost identical to :the equivilent IOS commands.

Not really for PIX 6.x, such as runs on the 501. The big realignment of PIX commands comes in PIX 7.0 which is not (might never be??) supported on the 501. But the design philosophies are quite similar, and there shouldn't be any big shock in transitioning between the 831 and 501.

Thank you all for all the information.

I am printing the data sheets for the 830, 850, 870 and PIX 501 and I will read and try to better understand the differences.

I want to ask you if i buy a PIX 501 or a 506E (no clue what the differences are) and an 871 and even maybe a third 831, would it be a problem if i tried to connect these 3 together? Technically I should be able to setup a 3 SOHO network using mixed Cisco 800 series and PIX series device? What's your opinion on this? Should i do this and mix devices? Since I am buying 2 or 3 routers I figure I might as well buy one of them a PIX so that I try to learn that too.

By the way which PIX model has the PIX 7.0?

I tried Cisco's online Product Guide help wizard and after a few pages the page said "There are no matching CISCO routers". Hard to believe when i simply selected simple things. I will call CISCO tomorrow and ask more questions.

Thank you very much

In article , serge wrote: :I want to ask you if i buy a PIX 501 or a 506E (no clue what :the differences are)

Reducing down to just the differences:

501:

- 133 MHz AMD SC520 processor; bus is one 32-bit 33 MHz PCI

- 16 Mb of SDRAM; 8 Mb of flash

- initial software: PIX 6.1(1)

- no Turbo ACL

- dhcp pool of 32 addresses for 10 user licenses

- dhcp pool of 128 addresses for 50 user licenses

- dhcp pool of 253 addresses for unlimited user licenses [according to 'configure factory-default ip-address netmask']

- dhcp pool of 256 addresses for unlimited user licences (requires netmask larger than /24) [according to 'dhcpd address']

- no manual configuration of SAs

- no OSPF support

- number of 'local hosts' limited by purchased license

- no 'sysopt ipsec pl-compatible' -- no support for Private Link

- "early versions" restricted to 256 Kb configuration file (not clear whether this is early hardware or early 6.x software) [according to 6.3 release notes]

- 256 Kb configuration file [according to 6.3 configuration overview]

- 1 Mb configuration file [according to 6.3 release notes]

- inside interface always shows up as 10000 Kbit full duplex in 'show interface' (< 6.3(1) ?) [observed in field]

- inside interface always shows up as 100000 Kbit full duplex in 'show interface' (6.3(1)) [according to PIX Command Reference]

- inside interface is a 4 port switch, with no way to address or configure or show information for the individual switch ports.

- no support for 802.1Q VLANs (logical interfaces)

- 60 Mbps cleartext, 7500 concurrent connections, 6 Mbps DES, 3 MBps 3DES, 4.5 Mbps AES-128

- 5 VPN peers (up to 6.2(*))

- 10 VPN peers (6.3(1))

506E:

- 300 MHz Intel Celeron processor; bus is one 32-bit 33 MHz PCI

- 32 Mb of SDRAM; 8 Mb of flash

- initial software release: 5.2(7)

- Turbo ACL support

- 'configure factory-default' *is* available

- dhcp pool of 32 addresses (up to 6.0(4))

- dhcp pool of 253 addresses [according to 'configure factory-default ip-address netmask']

- dhcp pool of 256 addresses (requires netmask larger than /24) [according to 'dhcpd address']

- manual configuration of SAs allowed

- OSPF support available

- Private Link supported via 'sysopt ipsec pl-compatible'

- 1 Mb configuration file

- no support for 802.1Q VLANs (logical interfaces) up to 6.3(3)

- 2 802.1Q VLANs (logical interfaces) as of 6.3(4)

- 4 VPN peers (5.3)

- 25 VPN peers (6.3)

- no configured VPN peer limit in 6.3(3), but 25 might be the practical limit

- 100 Mbps cleartext, 25000 concurrent connections, 20 Mbps DES, 17 Mbps 3DES, 30 Mbps AES-128

- 16 Mbps maximum VPN throughput [according to 506E/515E Q&A; 6.1(2) timeframe, might have improved later]

:and an 871 and even maybe a third 831, :would it be a problem if i tried to connect these 3 together?

No.

:Technically I should be able to setup a 3 SOHO network :using mixed Cisco 800 series and PIX series device?

Yes.

:What's your opinion on this? Should i do this and mix devices? :Since I am buying 2 or 3 routers I figure I might as well buy :one of them a PIX so that I try to learn that too.

If this is for learning, that sounds like a good idea.

:By the way which PIX model has the PIX 7.0?

515/515E, 525, 535.

Would you know by any chance if there are any complications or known issues if i try to connect to a Windows 2003 server using IPSEC?

Thank you

In article , serge wrote: ;Would you know by any chance if there are any complications ;or known issues if i try to connect to a Windows 2003 server ;using IPSEC?

It's Windows, how could there -not- be issues? ;-)

But to answer your question: No, I don't happen to know. The Cisco Technical Tips show how to configure it, if I recall properly.

There have been some difficulties in connecting with Windows Server discussed in the last few weeks, but I didn't pay enough attention to the threads to know whether it was IPSec direct connection problems or if it was IIS or if it was difficulties using Windows as a RADIUS server.