Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX behind a 1710 VPN router

I am planning to use 3 x 1710 routers for a 3 sites VPN (1 head office 50 users, 2 branch offices 40 and 10 users) with 1 x PIX 515E at HO. Each site will have a fibre optic ISP connection, with ethernet cable termination. I prefer the 1710 in each branch office than a PIX 506, because 1710 comes with hardware VPN acceleration. I will place the PIX 515E in the HO, but IPSec will be terminated on the 1710. This seems to provide good VPN performance at signicantly lower cost.

Is this a right solution? Will it compicate the issue or I should better off using 3x PIX (1 515E and 2x 506E)?

Any contribution is appreciated?


New Member

Re: PIX behind a 1710 VPN router

What's your intended traffic flow - are you going to have web traffic going direct to the internet from the remote sites, or first tunneled back to your hub?

What are your throughput needs?

Are you likely to change ISP's, would routers that can adjust to different media types be better than firewalls that are only ethernet?

Do you need crypto functions that the pix can't support (multicast etc)?

Do you need firewall functions that the routers can't support?

What's the skillset in your company - which one can you better support?

Fill in the blanks and look at all the issues and you'll probably be able to answer this better than any of us?