05-16-2003 10:25 AM - edited 02-21-2020 12:33 PM
May 16, 2003, 7:31am PST
I need to provide VPN solution for about 2000 remote users. Two main factors are remote desktop (so users can use their office PCs from home), and access to protected servers. All this needs to be through VPN. My question is regarding capacity and compatibility.
1)
Is PIX 515 sufficient for this many users? What about 525? Or do I have to go with the VPN Concentrator? Advantages and Disadvantages?
2)
Can I integrate VPN device with Novell's E-Directory for user management? What about SUN1 directory? Or Radius? Preffered solution would be integration with EDirectory.
Please post your comments or suggestions. Any help higly appreciated.
Thanks,
S.P.
Solved! Go to Solution.
05-22-2003 11:44 AM
Both the 515 and the 525 can support 2000 simultaneous tunnels. Therefore, you could do with the 515. However, I feel that a VPN concentrator is better suited for the job at hand. The concentrator has been designed to support just this kind of a setup. The advantage of using the VPN concentrator is that it would make management of this large number of usersmuch easier. The disadvantage is that you are trusting all the users and will lack the high degree of security that a firewall provides.
05-22-2003 11:44 AM
Both the 515 and the 525 can support 2000 simultaneous tunnels. Therefore, you could do with the 515. However, I feel that a VPN concentrator is better suited for the job at hand. The concentrator has been designed to support just this kind of a setup. The advantage of using the VPN concentrator is that it would make management of this large number of usersmuch easier. The disadvantage is that you are trusting all the users and will lack the high degree of security that a firewall provides.
05-22-2003 12:58 PM
Thank you for your input.
The issue is I have spare 515 that I can utilize for this VPN. However, I do not have any spare 525. Therefore, most likely I will solely use 515.
However, there is another question. Is 525 capable of being fully-utilized firewall as well as VPN end-point? Or do I have to specificly dedicate 525 for VPN? Same question regarding 515s?
The reason I am leaning toward PIXs vs. VPN concentrator because I already have this equipment. VPN 3000 would have to be purchased separately.
Thanks for the help. Any further assistance very appreciated.
SP
05-23-2003 07:02 PM
The PIX 525 is capable of handling your users and acting as a firewall. In this case, I would strongly recommend the 525 over the 515. It's a more robust model that's easily expanded should your needs change in the future.
One other thing to take into consideration -- if 2000 users are going to rely on your VPN for every day business needs it would be irresponsible not to implement a failover solution and this means you need two identical PIX devices. If I had to decide one 1 PIX525 or two PIX515's, I would go with the later strictly for the peace of mind.
My two cents.
Cody Rowland
Infrastructure Engineer
07-09-2003 06:44 AM
Did you ever find out whether or not you could integrate the VPN device with Novell's E-Directory for user management? I'm interested in doing this myself.
Thanks
Rhodri Jenkins
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide