05-12-2003 06:59 AM - edited 02-20-2020 10:44 PM
Hello,
we are currently connecting our main and remote offices together with a mix of Cisco routers (3540, 2600s, 1720s) using IPSec tunnels and access-lists on the serial interfaces to only allow the serial IPs of the other routers in (the encapsulated private LAN traffic). Now, we would like to setup a proxy/firewall for internet access and setup remote access for remote PC users. Could a PIX 500 series device be used to replace a 3640 at our main site (or at least move the internet T1 to the PIX and setup all of the tunnels on this device then pass traffic to the router)? I think this may be fine for the firewall part...but can the PIX handle remote VPN Windows clients like a concentrator or would it be better to use a VPN concentrator for this part? Any suggestions or pointers would be greatly appreciated.
Thanks,
John.
05-12-2003 07:31 AM
John,
PIX can be used to terminate the client tunnels as well. However, a VPN3000 concentrator has more features.
If you do with th ePIX implementation. The following link would help:
http://www.cisco.com/warp/public/110/cvpn3k_pix_ias.html
Jazib
05-12-2003 07:37 AM
PIXen only have ethernet interfaces, so that might be a problem
PIXen support pass thru auth for proxies,etc. You should be able to make most setups work.
The PIX can handle the software vpn clients similarly to a concentrator. Generally the PIX plays catch up to the concentrators for features, but it should work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: