Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Replacing a router with a PIX for internet access

Hello,

we are currently connecting our main and remote offices together with a mix of Cisco routers (3540, 2600s, 1720s) using IPSec tunnels and access-lists on the serial interfaces to only allow the serial IPs of the other routers in (the encapsulated private LAN traffic). Now, we would like to setup a proxy/firewall for internet access and setup remote access for remote PC users. Could a PIX 500 series device be used to replace a 3640 at our main site (or at least move the internet T1 to the PIX and setup all of the tunnels on this device then pass traffic to the router)? I think this may be fine for the firewall part...but can the PIX handle remote VPN Windows clients like a concentrator or would it be better to use a VPN concentrator for this part? Any suggestions or pointers would be greatly appreciated.

Thanks,

John.

2 REPLIES
Bronze

Re: Replacing a router with a PIX for internet access

John,

PIX can be used to terminate the client tunnels as well. However, a VPN3000 concentrator has more features.

If you do with th ePIX implementation. The following link would help:

http://www.cisco.com/warp/public/110/cvpn3k_pix_ias.html

Jazib

Silver

Re: Replacing a router with a PIX for internet access

PIXen only have ethernet interfaces, so that might be a problem

PIXen support pass thru auth for proxies,etc. You should be able to make most setups work.

The PIX can handle the software vpn clients similarly to a concentrator. Generally the PIX plays catch up to the concentrators for features, but it should work.

90
Views
0
Helpful
2
Replies
CreatePlease to create content