1. Home
  2. Cisco Systems
  3. Pix 501 and Concurrent VPN Connections

Pix 501 and Concurrent VPN Connections

Hello,

I find myself in the position of taking over a small office network that uses a Pix 501 primarily for the main Internet firewall and VPN. Currently, this device needs to support 4 external VPN connections at any given time and up to six internal (office systems). The 501 has a ten user license and currently has a problem with VPN connections that cannot always connect. I haven't had a chance to dig into log files yet as I fully haven't taken over, but was told (by a self proclaimed expert) that the 501 has difficulty handling more than 2 external VPN connections simultaneously due to it's slow processing power. So two question--is this "expert" correct and should I look into a slightly beefier Pix, or is this likely a licensing issue? I know that the four external devices obviously use a license, but am not clear on if internal office devices use one as well. The specs on the 501 show that it should easily be able to handle this scenario, that why I need feedback from real users.

Any help or advice on where to look for further insight would be greatly appreciated.

Thanks,

-Jay

Reply to
jaylucasaustin.rr.com
Loading thread data ...

Hi

We have a PIX 501 and it currently Handles 7 VPN tunnels and about twenty users Behind (The 501 is unlimited license).

Overall nor problems.

Though VPN's do hit the processor quite hard and our VPN's seam quite low through put. IF your VPN traffic no matter how many tunnels is over

1 mg/s I would upgrade to a diffent pix.

The internal devices do use a license.

Peter

Reply to
Peter Simons

Thanks Peter,

Just to clarify, do you know if the 501 handle both hardware and software VPN connections the same? Some of the connections that I need to support are hardware and some use the Cisco software client. Also, are you saying that the aggregate VPN throughput is only 1 megabit per second, or is this per VPN link?

Thanks,

Reply to
jaylucasaustin.rr.com

The 501 has no Hardware acceleration. It treats PIX to PIX and Cisco client to PIX connections the same.

With the setup I have I would say it is total through put. But also remember that processor utilsation will vary from installation as it depends on how many rules you have and what other functions you use.

if you have a windows environment down load a simple snmp monitor

formatting link
and follow the advice some one supplied to me earlier

formatting link
Peter

Reply to
Peter Simons

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.