Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
0
Helpful
3
Replies

PIX 501 Limitations

plebeian
Level 1
Level 1

‎04-19-2002 05:07 AM - edited ‎02-20-2020 10:02 PM

I am preparing to implement the PIX 501 in a couple remote offices. We are planning on using the 501 and PPPoE over a DSL connection. We have 7 users at one of the sites. When reading through the documentation it says that the 501 can handle 5 simultaneous VPN connections. Does anybody know if this is inbound (to the remote site) or out bound (from the remote site). We plan on installing the VPN Client on the workstations at the remote site and create the tunnels out to HQ.Any information would be appreciated.

0 Helpful
3 Replies 3

yizhar_h
Level 1
Level 1

‎04-21-2002 11:41 AM

HI.

The VPN connections mentioned reffers to VPN tunnels that the pix own interface is one of it endpoints, which is not the case you planned.

But you will might have other problems with the end users connecting to the main office via NAT at the pix and/or at the DSL device.

An alternative and I think a better design is to implement site to site VPN tunnels from the remote pix501 devices to the main office.

Each such tunnel will serve all remote clients behind it and will not be limitted by number of clients.

Bye

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

0 Helpful

cjansen2
Level 1
Level 1

‎05-04-2002 02:01 PM

Each PIX 501 in your remote offices will be limited to 5 VPN tunnels (Inbound/Outbound) at any one time. This means that if you have 5 remote users connecting to the remote office at the same time, a sixth user will not be able to establish a connection until one of the others disconnects. It seems to me that since your users are actually "at" the site and not mobile, a "PIX-to-PIX" VPN would be a better solution. This way all internal users will have access to the remote site utilizing a single PIX-to-PIX tunnel. This would leave four tunnels left over you could use for mobile users configured with Cisco VPN Client or four more PIX-to-PIX tunnels for your other office locations to connect to your HQ. (Note: In a PIX-to-PIX tunnel there will be no need for your internal workstations to run the Cisco VPN Client since the PIX itself handles the authentication.) (Only mobile users or home users connecting via ISP will have to run the Client.) Hope this helps and makes sense!

0 Helpful

plebeian
Level 1
Level 1
In response to cjansen2

‎05-04-2002 02:24 PM

Thanks muchs for the information, it makes perfect sense. This is exacly what I had thought, however my corportate HQ was stating the contrary. Since my original posting my HQ has decided to implement the Pix-to-Pix solution. Thanks again for the info.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card