Hi, I am a total newcomer to this so any advice is much appreciated. I have a main office with 18 users. These users are connected to a Catalyst 2900 XL switch and use it to connect to our server to access file shares and Exchange. We have two remote sites, one with 3 users and the other with 2. We also have 3 home users that connect. I want all remote users to be able to connect over VPN to the server in the main office. I have purchased a 501 to firewall the main office and am wondering if it will be enough horsepower to also handle the VPN connections. I have the 50U and 3DES bundle. Is the 501 enough or do I need to upgrade and maybe place the 501 at one of the remote sites? Also, how do I go about setting up software-VPN connections? Thank you for the help.
You will be all set. With recent PIX OS (6.2+), a 501 can support 10 concurrent tunnels. You will use 2 for each of the remote sites, it sounds like - this will leave 8 possible tunnels for end users to use.
I would be shocked if 8 tunnels were not enough for your users - I have a lot more users than you, and 6 or 7 is about the most concurrent connections I have seen here.
Actually, I believe that the increase to 10 tunnels on the PIX501 was in the 6.3.3 release:
Increased Number of IPSec VPN Peers Supported on the PIX 501 Security Appliance
PIX Firewall Version 6.3 increases number of site-to-site and remote access VPN peers supported on the PIX 501 from 5 to 10, enabling greater VPN scalability in small office, home office (SOHO) environments.