Can a pix 501 firewall VPN be created with a 10 user restricted license? It seems impossible to get an answer because of Cisco's blackmailing EOL policy.
ver 6 3.5
Hi,
It might be a good idea to also post the "show version" output of your PIX. Also, what specific type of VPN are you thinking of? IPsec site to site, remote access or SSL remote access?
Jonnathan
The question is can you use a vpn...any type of vpn with a 10 user restricted license?
But if it matters, I want remote clients to connect to a windows server.
So the VPN endpoint will be the Windows server and not the PIX itself, right? If so, the PIX will be working as a pass-through device and VPN licenses won't have anything to do; the concurrent number of connections is what will limit the VPN traffic, but you will be able to build the tunnel with no problems.
Further reading on PIX licensing:
As you can see in table 4, the number of connections allowed with a 10 user license is 7500, which doesn't mean 7500 users, but 7500 connections between your local network and the VPN traffic.
HTH
Jonnathan
I would like the pix to act as a vpn and not a passthrough.
...but it seems impossible to get a freaking yes or no answer as to CAN A PIX 501 ACT as a VPN WITH A 10 USER RESTRICTED LICENSE?
@ Jonathan Rojas
Please stop replying because you simply cannot answer the yes or no question and are adding to my frustrations with Cisco.
...the runaround continues. Sigh.
You would get a yes or no answer if you were more specific from the very beginning. VPN is a wide technology and unfortunately answers are never that simple.
Also, if you take a look at the link I provided you will find your own answer:
"These licenses activate encryption services on Cisco PIX Security Appliances, which are required before using certain features including VPN, secure remote management, and more"
So it doesn't depend on your users license, it depends on your encryption license:
You can check it by doing a "show version" and looking at the following outputs:
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Can anyone tell me if this pix 501 can be used as a VPN based on the following?
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
pixfirewall up 3 mins 39 secs
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 0016.c7f9.8329, irq 9
1: ethernet1: address is 0016.c7f9.832c, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10
This PIX has a Restricted (R) license.
Serial Number: 810341925 (0x304cd625)
Running Activation Key: 0x2af002a0 0xa3e7fb8f 0x1ab32f96 0xdb3c1af3
Configuration has not been modified since last system restart.
Yes, for 10 users.
Are you saying yes based on
IKE peers: 10?
Based on three outputs:
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Which tells me encryption is enabled on the PIX, and from:
IKE peers: 10
Which specifies the number of users.
Hi,
To add some more details about the 10 hosts:
A local-host connection on the PIX is a combination of an XLATE (translation) and a CONN (connection).
This PIX-501, with a 10-user limit, will allow a maximum of 10 local-hosts from inside to outside.
Use the "show local-host" command to check them out.
PIX# show local
Interface inside: 10 active, 10 maximum active
A new translation creates a local-host, then it will count as 1 user.
An 11th user will not be allowed.
Thanks.
Portu.
Please rate any posts you find useful.
Thanks that was helpful.
Do I have to use the Cisco VPN client (because it seems impossible to download)?
Hi Dennis,
You can download the IPsec client, check this out:
VPN Client Software for x86 32-bit version of XP/Vista/Windows 7 - Microsoft Installer
Note: There you will find the client for x86 and x64.
The PIX only supports this legacy VPN client.
Let me know.
Portu.
Please rate any post you find helpful.
You need a valid support contract to use a Cisco product and the proper download software needed to use the Cisco product that you purchased.
...again, if I can't use (get) the Cisco VPN client, is the PIX going to be useless as a VPN?
My point is that I'm not paying Cisco another dime to get something to work. So if I don't pay an extortion fee to get the client.