Questions

VPN on PIX or Router?

Tags:
+
0 Votes
Locked

VPN on PIX or Router?

Working IT
Should I use the PIX or Router to handle the VPN request?

I have a Cisco PIX and a Cisco Router. They are both capable of VPN. Which one I should use? And why?
  • +
    0 Votes
    TBBrick

    If you configure the router to manage the VPN, you're still going to have to configure the PIX to allow it. Why not have the configuration hassle on one device rather than two?

    +
    0 Votes
    djdawson

    The PIX and IOS router are pretty similar in their VPN
    support, with the router having the advantage for site-to-
    site VPNs. Licensing could be a factor, since the low end
    PIXes restrict the number of simultaneous VPN
    connections. Also, prior to verison 7.0 the PIX doesn't
    allow incoming VPN traffic to be routed directly back out
    to the Internet, so if you need that go with the router (or
    use split tunneling, but some people have security issues
    with that feature). Depending on your router hardware,
    the PIX may have a performance advantage. Routers that
    don't have encryption hardware only support very low
    amounts of VPN traffic (all the ISR routers - the 1800,
    2800, and 3800 routers - have basic encryption
    hardware; other models require add-on modules of some
    sort).

    If all you need is a couple remote VPN client connections
    for selected users, I'd go with the PIX.

    HTH

    Dana

  • +
    0 Votes
    TBBrick

    If you configure the router to manage the VPN, you're still going to have to configure the PIX to allow it. Why not have the configuration hassle on one device rather than two?

    +
    0 Votes
    djdawson

    The PIX and IOS router are pretty similar in their VPN
    support, with the router having the advantage for site-to-
    site VPNs. Licensing could be a factor, since the low end
    PIXes restrict the number of simultaneous VPN
    connections. Also, prior to verison 7.0 the PIX doesn't
    allow incoming VPN traffic to be routed directly back out
    to the Internet, so if you need that go with the router (or
    use split tunneling, but some people have security issues
    with that feature). Depending on your router hardware,
    the PIX may have a performance advantage. Routers that
    don't have encryption hardware only support very low
    amounts of VPN traffic (all the ISR routers - the 1800,
    2800, and 3800 routers - have basic encryption
    hardware; other models require add-on modules of some
    sort).

    If all you need is a couple remote VPN client connections
    for selected users, I'd go with the PIX.

    HTH

    Dana