If you are planning on doing remote access, Id suggest going with a VPN concentrator separately from the firewall. The VPN 3000 and 5000 series are very fast and they work well. I like the PIX for a firewall solution too and keep my router configs basic and simple. Combining all these functions on a router is very taxing and administratively burdensome. Just my thoughts.
We are using a PIX 520 at our central site with multiple remote sites using PIX 506's connected via full T1's with very good success. The 506's take care of a full T1 with ease. Triple des encryption was a bit rough on the 520 when all the remotes were going steady at over 512k each so we are using single des and it is steady as a rock.
A bit more info for those that want details: isakmp is pre-shared keys with des encryption md5 hash, transform set is esp-des esp-md5-hmac, 4 remote sites with everyone in the 10.122.x.0/24 subnets, our 60 plus other sites are semi-meshed on frame-relay between 64k-1544k links in the 10.x.0.0/16 networks and we mesh some VPN sites with each other through multiple tunnels.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :