I am implementing a VPN (I'm a newbie) and I am currently allowing my server to do the routing. We are about 50 employees deep with 35 employees in our main office and 3-5 employees in our 4 branch offices. I have decided to go with the PIX-515 for the main office and 4 PIX-501's in the branch offices. I would also like to go with a hardware router solution for the main office to eliminate the overhead on my server. We currently have a fractional-T installed with 512kbps throughput. We also have Linksys wireless routers in the branch offices. My questions are:
1) Do you have a router model/solution that would be appropriate for such a configuration that would work well with the PIX-515?
2) I am looking to upgrade my switch as well. Is there a Router/switch integrated product you could recommend, or should I keep them separate?
3) What would be the best way to configure the connections for something like this? IE: from the MPOE connect to VPN (515) then to Router then to switch?
4) Could anyone provide a link or site that has some visual VPN/ Router fundamentals?
2) If you are expecting rapid growth then a solution with separate devices would be better. Cisco does have integrated router-hub solutions. The ones that I know of are the 803 and the 804. Both support 10BaseT, 4 port Hub. The 800 is an ideal solution that is targeted at small offices and supports the entire spectrum of technologies, including VPN. If the users on your LAN are small enough in numbers, I guess this would be a good solution.
3) and 1) Your setup should look something like this:
Branch Office LAN -- PIX(501) -- Router -- <<>> --- router --- PIX(515) -- Central Office LAN
The firewall could be set up PIX to PIX, router to router or router to PIX. Configuring the router and PIX for VPN are similar tasks. The choice has to do with throughput based on the devices' ability and your security posture and preferences.
4) The following links are rich with information on IPSec VPNs.