The question is can you use a vpn...any type of vpn with a 10 user restricted license?

But if it matters, I want remote clients to connect to a windows server.

So the VPN endpoint will be the WIndows server and not the PIX itself right? If so, the PIX will be working as a pass-through device and VPN licenses won't have anything to do, the concurrent number of connections is what will limit the VPN traffic, but you will be able to build the tunnel with no problems.

Further reading on PIX licensing:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/product_data_sheet09186a00800b0d85.html

As you can see on table 4 the number of connections allowed with a 10 user license is 7500, which doesn't mean 7500 users. but 7500 connections between your local network and the VPN traffic.

HTH

Jonnathan

I would like the pix to act as a vpn and not a passthrough.

...but it seems impossible to get a freaking yes or no answer as to CAN A PIX 501 ACT as a VPN WITH A 10 USER RESTRICTED LICENSE?

@ Jonathan Rojas

Please stop replying because you simply cannot answer the yes or no question and are adding to my frustrations with Cisco.

...the runaround continues. Sigh.

You would get a yes or no answer if you were more specific from the very beginning, VPN is a wide technology and unfortunately answer are never that simple.

Also, if you take a look at the link I provided you will find your own answer:

"These licenses activate encryption services on  Cisco PIX Security Appliances, which are required before using certain  features including VPN, secure remote management, and more"

So it doesn't depend on your users license, it depends on your encryption license:

You can check it by doing a "show version" and looking at the following outputs:

VPN-DES                           : Enabled       

VPN-3DES-AES                      : Enabled

Can anyone tell me if this pix 501 can be used as a VPN based on the following?

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pixfirewall up 3 mins 39 secs

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0016.c7f9.8329, irq 9

1: ethernet1: address is 0016.c7f9.832c, irq 10

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          2

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                10

Throughput:                  Unlimited

IKE peers:                   10

This PIX has a Restricted (R) license.

Serial Number: 810341925 (0x304cd625)

Running Activation Key: 0x2af002a0 0xa3e7fb8f 0x1ab32f96 0xdb3c1af3

Configuration has not been modified since last system restart.

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pixfirewall up 3 mins 39 secs

Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0016.c7f9.8329, irq 9

1: ethernet1: address is 0016.c7f9.832c, irq 10

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          2

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                10

Throughput:                  Unlimited

IKE peers:                   10

This PIX has a Restricted (R) license.

Serial Number: 810341925 (0x304cd625)

Running Activation Key: 0x2af002a0 0xa3e7fb8f 0x1ab32f96 0xdb3c1af3

Configuration has not been modified since last system restart.

Yes, for 10 users.

Are you saying yes based on

IKE peers: 10?

Based on three outputs:

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Which tells me encryption is enabled on the PIX, and from:

IKE peers:                   10

Which specifies the number of users.

Hi,

To add some more details about the 10 hosts:

A local-host connection on the PIX is a combination of an XLATE (translation) and a CONN (connection).

This PIX-501 with 10-user limit, will allow a maximun of 10 local-hosts from inside to outside.

Use the "show local-host" command to check them out.

PIX# show local

Interface inside: 10 active, 10 maximum active

A new translation creates a local-host, then it will count as 1 user.

A 11 user will not be allowed.

Thanks.

Portu.

Please rate any posts you find useful.

Thanks that was helpful.

Do i have to use the Cisco VPN client (because it seems impossible to download)?

Hi Dennis,

You can download the IPsec client, check this out:

VPN Client Software for x86 32-bit version of XP/Vista/Windows 7 - Microsoft Installer

Note: There you will find the client for x86 and x64.

The PIX only supports this legacy VPN client.

Let me know.

Portu.

Please rate any post you find helpful.

You need a valid support contract to use a Cisco product and the proper download software needed to use the Cisco product that you purchased.

...again, if I can't use (get) the Cisco VPN client, is the PIX going to be useless as a VPN?

My point is that I'm not paying Cisco another dime to get something to work. So if I don't pay an extoratioin fee to get the client.