
Using PIX for Site to Site VPN

rcrobert
Level 1

My head end site has a PIX 515E and I am engineering a solution for two remote offices to connect back to the head end site via VPN. The remote sites will be four users each and have a domain controller at each remote site for local file sharing etc. The remote users will use a cable or DSL broadband connection with minimum 3Mbps.

I would like to purchase a PIX 501 for each of the remote sites and use them for site-to-site VPN with the 515E. All of the Cisco white papers say to use routers for the site-to-site VPN. VPN throughput using IPSec for the 515E and 501 seems more than adequate. Will I run into any issues with this configuration?

Thank you for your help!

V/R Ryan

2 Replies

Richard Burts
Hall of Fame

One factor about using the PIX to establish VPN connectivity is that each remote site will be able to communicate with the head end site but will not be able to communicate with the other remote site. This is a feature of the PIX which will not allow a packet to come in an interface and exit on the same interface.

Whether that is a problem or not is dependent on your environment and your requirements. If the remote site needs only to communicate with the head end but not the other remote site then the PIX should work for you. If the remote sites need to communicate with each other then the PIX implementation is a problem.

HTH

Rick

aashish.c
Level 4

Hi,

I think you can use your 501 to connect to your HQ as well as to other sites. There will be multiple VPN tunnels going to different sites. It's not like a PIX can have only one tunnel to one site at a time.

You just have to make separate IKE-IPSec policies for every site.

Check this out for setup:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

And you can use PIX for site-to-site VPN without any problems. Just check the number of connections permitted for VPN on the 501.

Regards

aashish C
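
A head-end configuration for the setup discussed in this thread, with one crypto map entry per remote office. This is an added example, not part of any post above and not taken from the linked Cisco document. It assumes PIX OS 6.3 command syntax with the 3DES/AES license and static public addresses at the remote sites; all addresses, ACL names, map names and keys are constructed placeholders.

```cisco
: Head-end PIX 515E. Constructed addressing:
:   head-end LAN 10.0.0.0/24
:   remote A LAN 10.1.0.0/24, PIX 501 outside address 192.0.2.10
:   remote B LAN 10.2.0.0/24, PIX 501 outside address 198.51.100.20

: Interesting traffic, one ACL per tunnel (head-end LAN to that remote LAN only)
access-list vpn-siteA permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn-siteB permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0

: Exempt tunnel traffic from NAT
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list nonat

: Decrypted tunnel traffic bypasses interface ACLs when this is set.
: Leave it out and permit specific flows on the outside ACL if the
: remote offices should only reach selected head-end hosts.
sysopt connection permit-ipsec

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

: One crypto map, one sequence number per remote site
crypto map HQMAP 10 ipsec-isakmp
crypto map HQMAP 10 match address vpn-siteA
crypto map HQMAP 10 set peer 192.0.2.10
crypto map HQMAP 10 set transform-set ESP-AES-SHA
crypto map HQMAP 20 ipsec-isakmp
crypto map HQMAP 20 match address vpn-siteB
crypto map HQMAP 20 set peer 198.51.100.20
crypto map HQMAP 20 set transform-set ESP-AES-SHA
crypto map HQMAP interface outside

: IKE phase 1: a distinct pre-shared key per peer (placeholders shown)
isakmp enable outside
isakmp identity address
isakmp key PLACEHOLDER-KEY-A address 192.0.2.10 netmask 255.255.255.255
isakmp key PLACEHOLDER-KEY-B address 198.51.100.20 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Each PIX 501 would carry the mirror image of its own entry: the ACL source and destination swapped, the 515E's outside address as the peer, and the matching key and policy.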