Hello all. New to the VPN arena and I'm seeing this term come up a lot. I'm looking to VPN for connectivity for about 5 sites (2-3 users per) to our home office. I've reviewed the 501 and it seemed that it could do the job and use site-to-site. Would I even need a concentrator, whatever it may be??? Thanks.
I would not use PIX 501 at the home location. Your best bet is probably a 506, or even a 515. Scalability is an issue you will run into, because the 501 you intend to install at the home office will be acting as a VPN hub, and it can only support 5 VPN peers. So if you needed to add a 6th VPN site, you would need to upgrade to at least a 506 model. I also think that 5 VPN's terminating into 1 501 firewall would also hinder performance, especially if you plan on using 3DES.
We are currently using the PIX 501 at our site while the remote sites use a mix of PIX 506/Routers/concentrators. We currently run 7 individual tunnels with no problems. Just make sure you beef up the RAM and flash.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...