RE: [fw-wiz] Pix VPN endpoint and split-tunnel

From: Paul Melson (pmelson_at_gmail.com)
Date: 10/14/05

  • Next message: Josh Welch: "Re: [fw-wiz] Pix VPN endpoint and split-tunnel" 
    To: "'Josh Welch'" <jwelch@buffalowildwings.com>
Date: Fri, 14 Oct 2005 09:24:12 -0400

    -----Original Message-----
    > I've recently been playing with 7.0(2) on a 515E previously running
    6.3(3). It requires
    > a memory upgrade, but you can upgrade a 5xx series PIX to version 7.x of
    the PIX OS.

    For what it's worth, PIX OS v7 and the ASA v7 software are not the same
    animal, and the new PIX code still doesn't include RIPv2 support or split
    horizon. But after doing some digging, it looks like PIX OS v7 might solve
    Chris' problem after all:

    "Improved Support for Non-Split Tunneling Remote-Access VPN Environments:
    Enables remote-access VPN connections to be terminated on the outside
    interface of a Cisco PIX Security Appliance, allowing Internet-destined
    traffic from remote-access user VPN tunnels to leave through the same
    interface it arrived at (after firewall rules, URL filtering policies, and
    other security checks have been optionally applied)"

    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet090
    0aecd80225ae1.html

    But it's still going to cost them the money to upgrade their PIX to 128MB of
    RAM. That's going to be a lot cheaper than an ASA or VPN3K though.

    PaulM

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Josh Welch: "Re: [fw-wiz] Pix VPN endpoint and split-tunnel"