we want to connect our branch offices over vpn to our central office. In the central office there is a VPN concentrator located. In the branch offices DSL is present. We want to operate the branch offices in the network extension mode. Now the question arises whether we should use a Cisco 806 or a PIX 50x. Where are the advantages, and/or disadvantages? Does someone have experience it these two devices?
PIX will provide you with the firewall at the remote sites, but will need to keep in mind the limitations on the PIX not being a Router so for too many inside segments it might be a better idea to use a Router with IOS Firewall features as it will be able to do Routing better. As for NAT/PAT both should be able to handle that part fine. So its totally what you think seems better for you, is what you should use...
In the remote sides, where only 5-10 user in one network are located, I use the PIX 506. Have the users in this remote side access over the central side to other locations which are connected over vpn ? I think so !!
I have try to connect one remote side over vpn in the network extension mode. It functions so long to itself the IP address changes (all 24h by the German Telekom). Afterwards no more vpn-tunnel was established. Only after a reboot it was established a new vpn connection.
With the pix506, there are no problems.
I can also sen you the configuration, if it is necessary !!
If you have 5-10 users in your remote offices and a Cisco Concentrator at the central office I would recommend a Cisco 501. The config for the 501 is very small and easy (about 5 to 6 lines). I have uses both 806 and 501. I like and perfer the 501 for security reasons and ease of install with the concentrator. Food for thought...If you are going to have 5-10 users running on DSL will run very slow. We have about 5 per location but we are using Citrix to do all the work. (Citrix uses only 20kb of bandwidth). Hope this helps.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...