I have a point to point network for a branch to my head office. I need to connect it to my Internal Network Switch 3750 port. I have a spare PIX 515E that is not in use. My question is that what will be better choice both security wise and speed wise between PIX 515E and Cisco 3750 switch. Should i make a VLAN in cisco 3750 and let this network communicate with my internal network servers (Exchange 2007, Terminal Server) through access list or connect it to PIX 515E first and then to the switch? The point to point link is connected like this:
Branch CPE > wireless provider > My Head Office CPE.
Security wise = pix firewall. A 3750 is not a security device and an acl is only a basic level of security.
Speed wise = 3750 but then again depends on how fast your connection is. There will always be some additional latency with a firewall but may not be noticeable.
It really depends on how secure you want the connection to be. If you don't trust the remote users then you should look at the pix. If your remote users are part of your existing company and they are trusted users as such then the pix doesn't really give you anything.
One other factor to bear in mind. If you need NAT then you will need to use the pix as the 3750 does not support NAT.
Edit - just noticed the connection is via wireless. How happy are you that the wireless link is secure ?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :