Cisco Support Community
New Member

New To VPN

Hi,

I'm new to VPNs and have a couple of questions.

I want to set up a test env

I have a pix 506e and

Cisco Pix Client

1. Do I need to have a VPN Concentrator to create the VPN or will the Pix suffice?

2. What is the min equipment for a VPN?

3. What is the most secure arch?

any resources would be great

Thanks

Conor

2 REPLIES

Re: New To VPN

Hello Conor,

Here is a link for configuring the PIX to do VPN.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_user_guide_chapter09186a00801aed83.html

The PIX will do VPN, so no, you don't have to have a VPN Concentrator. I would say the minimum equipment required for a VPN from a Cisco perspective would be the software client and a hardware head-end device such as a router, a PIX or the VPN Concentrator. Clientless (SSL) VPN will soon be available on the VPN Concentrator. I would guess it is coming for the PIX and routers at some point as well.

The most secure architecture is somewhat subjective. Cisco offers a SAFE blueprint on their official recommendations about it.

http://www.cisco.com/en/US/customer/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html

Hope this helps. Please remember to rate the post if you find it helpful.

Good luck,

Travis

Silver

Re: New To VPN

1. A ton of cisco devices can be a vpn backend these days. A vpn 3000 has some traffic management, encapsulation and other features. PIX is a great solution for many small businesses - basically - if you already have a pix, deploy it/study it until you convince yourself that it cannot meet your vpn needs.

2. A pix 501, 10 user license, is 400ish US - that is the cheapest, if you mean that for minimum equipment.

3. They all do IPSec. Some configurations are more and less secure - sharing a group password among many users is less secure on average. Using usernames and passwords is less secure than using digital certificates on average. These get to be very theoretical distinctions though - a theoretically secure configuration running a version of IOS or PIX os with a security hole is less secure than a theoretically less secure config with an updated version of software. So, in general I recommend paying some attention to the theoretical issues, but also concerning oneself with bugs, holes, and deployment issues.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Shows how to set up the pix with MS authentication via IAS, their radius server. You can instead use a local database of usernames and passwords on the pix itself - aaa server LOCAL
