I the network engineer for a company with about 150 users at the corp. site and 102 stores nationwide. The stores have at least five computers per location. We are in the process selecting a broadband ISP for DSL services at all 102 stores.
We are also replacing our firewall with a PIX unit.
I can visualize the network, but just wanted to toss some questions out there:
Which VPN concentrator would best fit our organization?
I would like to do site to site VPN's. Will I need PIX 501's at each site or can I use VPN client?
Which Firewall will best fit our organization?
Do I need a 3DES Firewall?
Because we will have multiple T1's (probably 3)at the host site will our existing Cisco 3640 router be suficient?
pix 501s at each site will work great. you do not want to support software vpn clients on all of those machines. That said, what hardware will the broadband ISP be providing for customer premises equipment? If it is a cisco router (even a low end one), with a minor upgrade it may be able to run an IOS with IOS firewall and IPSec support.
For concentrators, you would want to think about redundancy, and how much throughput you will need.
3des is now a free option on PIXen - it is no longer an extra license fee. 3des is a best practice - there is no reason to use DES in a new deployment.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :