Pix Choices

Hello all,

I have a question. I am putting together a regional network for a state agency. Here is a basic breakdown of the network architecture I wish to achieve:

1 Main Office
6 Satellite Offices

The existing architecture is a private T-1 between the state mainframe and the regional head office. Currently, the users of this network at the regional head office (a total of 7 users) use PCs with Terminal Emulation clients to reach the state mainframe via the T-1. That works fine and nothing of interest there. However, these users spend much of the week operating out of remote locations. There are six laptops these users bring with them to these remote locations. They travel to these remote locations one at a time, three days a week. They spend one day at the remote location then move to another location the next day. Only one remote location is in use on any given day. Currently, the users dial up directly to the state via regular phone lines to attach to the state mainframe. Due to changing architectures, the state would like to do away with the dialup and move to TCP/IP. This means that the remote sites now must communicate with the head office and THEN be transported to the state mainframe via the link from the head office to the mainframe. I propose to accomplish this via DSL connections at the remote locations, transport the data via VPN to the regional head office, and then send the data on its way to the state mainframe via the T-1.

My question is this: which device would be best for the regional head office for the VPN? I have already settled on the Pix 501 for the remote locations. I originally planned to use another 501 for the head office end of the VPN tunnel. However, I am looking at the 515e for the head office now. Is this overkill? With so few users (the bandwidth requirements for the applications are very small, in truth a 56K dialup would do just fine for the amount of bandwidth required for the applications) will a 501 at the head office fulfill the requirements? Or is the 515e required at the head office location simply because it is the "master" end of the tunnel?

Thanks in advance for your time and advice.

Thomas Miller

In article , Thomas Miller wrote:
:I am putting together a regional network for a state agency. Here is a basic breakdown of the network architecture I wish to achieve:

:1 Main Office
:6 Satellite Offices

:They travel to these remote locations one at a time, three days a week. They spend one day at the remote location then move to another location the next day. Only one remote location is in use on any given day.

:This means that the remote sites now must communicate with the head office and THEN be transported to the state mainframe via the link from the head office to the mainframe.

:My question is this: which device would be best for the regional head office for the VPN? I have already settled on the Pix 501 for the remote locations. I originally planned to use another 501 for the head office end of the VPN tunnel. However, I am looking at the 515e for the head office now. Is this overkill?

Yes.

For your needs, I would expect that a PIX 501 or 506E would be sufficient.

I suspect if you look carefully you might find more than 10 IP devices in the regional office -- 6 PCs, yes, but then there's the printers and the fax machines, and the local PDC... If not now, then in the reasonable future.

A 501 can handle the bandwidth you indicated without difficulty. The base 501 has the "10 user" limit, which is 10 simultaneous IP addresses. You could either go for the 506E now and avoid all the user limits, or you could wait and see and upgrade to a 50 user license on the 501 later if it is needed.

On the whole, I would suggest that the 506E would be better. It is notably faster than the 501, does not have the user limits -- and has more memory, which is going to be important when PIX 7.x is made available on the 501 and 506E.

:Or is the 515e required at the head office location simply because it is the "master" end of the tunnel?

Not at all. We have 501 <-> 501 tunnels, and we have 501 <-> 506E tunnels.

The 501 and 506/506E have the advantage of being able to use PPPoE, which is a login authentication method often used with DSL (though less often with business plans). They can also do PPTP dialout.

Walter Roberson

PIX501 can be purchased with a 50 user limit and an unlimited user limit. However, when you compare the price of a PIX501 unlimited to a PIX506E (which is unlimited), it makes more sense to get the 506E because the costs are so close.

I'd put the 506E as a minimum at the head office. I'd try and get more details from Cisco on PIX7.x and find out when it will realistically be out for PIX501 and 506E and what features will be lost. There are some great new features in PIX7.x for the higher model PIX's, some of which you might find you really want, and could lose by using a 501 or 506E at the head office.

ESM

In article , ESM wrote:
:PIX501 can be purchased with a 50 user limit and an unlimited user limit.

Yes, I specifically mentioned the 50 user license upgrade as a possibility.

:However, when you compare the price of a PIX501 unlimited to a PIX506E (which is unlimited), it makes more sense to get the 506E because the costs are so close.

I'd put it at a lower breakpoint: that beyond about 25-30 users one should probably get the 506E. The OP had, though, a low-bandwidth situation and somewhere close to the 10 user limit. Under the circumstances, with PIX 6.x, it would make more financial sense to go for a 501 -- except for the factor that the 506E will surely be much better positioned to run more of PIX 7.x, so it is noticeably more "future-proof" than the 501.

Walter Roberson
