I am preparing to implement the PIX 501 in a couple of remote offices. We are planning on using the 501 and PPPoE over a DSL connection. We have 7 users at one of the sites. When reading through the documentation it says that the 501 can handle 5 simultaneous VPN connections. Does anybody know if this is inbound (to the remote site) or outbound (from the remote site)? We plan on installing the VPN Client on the workstations at the remote site and creating the tunnels out to HQ. Any information would be appreciated.
Each PIX 501 in your remote offices will be limited to 5 VPN tunnels (Inbound/Outbound) at any one time. This means that if you have 5 remote users connecting to the remote office at the same time, a sixth user will not be able to establish a connection until one of the others disconnects. It seems to me that since your users are actually "at" the site and not mobile, a "PIX-to-PIX" VPN would be a better solution. This way all internal users will have access to the remote site utilizing a single PIX-to-PIX tunnel. This would leave four tunnels left over you could use for mobile users configured with Cisco VPN Client or four more PIX-to-PIX tunnels for your other office locations to connect to your HQ. (Note: In a PIX-to-PIX tunnel there will be no need for your internal workstations to run the Cisco VPN Client since the PIX itself handles the authentication.) (Only mobile users or home users connecting via ISP will have to run the Client.) Hope this helps and makes sense!
Thanks much for the information, it makes perfect sense. This is exactly what I had thought, however my corporate HQ was stating the contrary. Since my original posting my HQ has decided to implement the PIX-to-PIX solution. Thanks again for the info.