Cisco Router vs Cisco PIX

W

WizBomb

Limp Gawd
Joined
Dec 5, 2001
Messages
168
Hello all,

How does a CISCO1711-VPN/K9 compare against a Cisco Pix 506E?

Thanks,
Brian
 
what are you wanting to use it for? Firewall and/or VPN concentrator? Both devices are EOL by the way. I would be hesitant to use either in a business environment.
Posted via [H] Mobile Device
 
Captain Colonoscopy said:
what are you wanting to use it for? Firewall and/or VPN concentrator? Both devices are EOL by the way. I would be hesitant to use either in a business environment.
Posted via [H] Mobile Device
Click to expand...

Looking for Firewall and one Remote VPN User access. Looking for a all in one device that is cheap for my Father. He will sometimes want to connect home from a remote location.

Thanks,
Brian
 
Last edited:
Yes. You can only run up to 6.3 on the old PIX. At least you can run a 12.4T IOS release with the firewall feature set on the 1711. They are kind of pokey though by modern standards.
 
mattjw916 said:
Yes. You can only run up to 6.3 on the old PIX. At least you can run a 12.4T IOS release with the firewall feature set on the 1711. They are kind of pokey though by modern standards.
Click to expand...

This router should support a 7mbit Cable Connection with no problem correct? Also with one VPN user connecting in?

Thanks,
Brian
 
The 506E should do more throughput. Cisco's router pdf says the 1711 will do 6.91Mb/s.

I wouldn't use either, personally. Go with an 871 or something.
 
That 506 only has 10Mb ethernet ports if that tells you anything. Personally, I like to use firewalls for firewalls and routers for routing. The PIX is going to be easier to get VPN working IMO.
 
Captain Colonoscopy said:
That 506 only has 10Mb ethernet ports if that tells you anything. Personally, I like to use firewalls for firewalls and routers for routing. The PIX is going to be easier to get VPN working IMO.
Click to expand...

I think you're talking about the old (they're both old, but one is oldER, lol) 506, the 506E has 100m interfaces.

I think difficulty will be relative. I find it easier to get anything working in IOS vs the PIX/ASA OS. I work with IOS a lot more though, so naturally it's easier and I prefer it. It really depends on the person and their experience, IMO.
 
Vito_Corleone said:
I think you're talking about the old (they're both old, but one is oldER, lol) 506, the 506E has 100m interfaces.

I think difficulty will be relative. I find it easier to get anything working in IOS vs the PIX/ASA OS. I work with IOS a lot more though, so naturally it's easier and I prefer it. It really depends on the person and their experience, IMO.
Click to expand...

Oh snap you're right. For some reason I thought the OP said 506 and not 506e. My bad there. Anyway, I think the PIX506e is capable of more firewall/VPN throughput. So, between the two, I'd pick the PIX506e over the 1711 router. As for the management, you can get PDM running on w2k or XP as long as you've still got IE6 and JRE 1.4.10 :p And the ASA8.x code is a lot more like IOS than it used to be, a lot of the same commands are there and the frigging ? works like it should. :D


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4336/
The Cisco PIX 506E is a robust, purpose-built security appliance that delivers enterprise-class security for remote and branch office environments.

The compact desktop chassis of the Cisco PIX 506E provides two autosensing Fast Ethernet (10/100) interfaces. Ideal for securing high-speed Internet connections, the Cisco PIX 506E delivers up to 100 Mbps of firewall throughput, 16 Mbps of Triple Data Encryption Standard (3DES) VPN throughput, and 30 Mbps of Advanced Encryption Standard-128 (AES) VPN throughput in a cost-effective, high-performance solution.
Click to expand...
 
Guess I'll keep looking on Ebay for a used Cisco Pix 506e.

Thanks for all the responses.

Brian
 
Guess I'll keep looking on Ebay for a used Cisco Pix 506e.
Click to expand...

Meh, you'll want something like a PIX 515e if you want to go that route. Unless you want to learn a whole new command structure that is completely obsolete now that is only used by devices that are EOL. You can't run a remotely modern version of the PIX OS on a 506e, it's not supported. Get something a little less crappy or you'll be kicking yourself later.
 
mattjw916 said:
Meh, you'll want something like a PIX 515e if you want to go that route. Unless you want to learn a whole new command structure that is completely obsolete now that is only used by devices that are EOL. You can't run a remotely modern version of the PIX OS on a 506e, it's not supported. Get something a little less crappy or you'll be kicking yourself later.
Click to expand...

Agreed. If your set on a pix get a 515e at least. Those you can at least get more memory for those and run asa code on them. On the other hand have you considered looking at like a 2620xm or a 2621xm for a router.

I guess I've played with a 1711 at the office and it was pretty worthless especially at the edge. While a pix 506e is decent as an edge device for vpn, firewall, etc.. it's old. The code is outdated and if your looking for a learning expierce it's not going to do you a lot of good to learn outdated code especially now that the newer versions of the asa codes change how thing such as nat, site to site vpns, remote access vpns are configured
Some things to keep in mind
 
mattjw916 said:
Meh, you'll want something like a PIX 515e if you want to go that route. Unless you want to learn a whole new command structure that is completely obsolete now that is only used by devices that are EOL. You can't run a remotely modern version of the PIX OS on a 506e, it's not supported. Get something a little less crappy or you'll be kicking yourself later.
Click to expand...

Is Cisco PIX 515e needed even though its for my father's home so he can connect while he is away?

Thanks,
Brian
 
WizBomb said:
Is Cisco PIX 515e needed even though its for my father's home so he can connect while he is away?

Thanks,
Brian
Click to expand...

I think you would be better off with a different solution. A few suggestions
-OpenWRT flashed on a consumer router & OpenVPN
-Himachi
-LogMeIn/GoToMyPc
 
I don't even know why you are wanting to go on the Cisco route on this one to do something so simple. Archivalbackup has the best solutions in my opinion.
 
The PIX will have better throughput than a 1711 router, but both can be made into all-in-one NAT/Router/Firewall/VPN-endpoint devices. However, I'm more concerned about this statement:
Looking for Firewall and one Remote VPN User access.
Click to expand...
You'll be able to set it up as a quasi-concentrator for the Cisco IPSEC VPN client, but not the new AnyConnect client (which requires licensing anyway). That Cisco client does not run on 64-bit Windows without emulation. Just something for you to think about.

If your needs are simple and you don't need to brush up on your Cisco skills, I'd recommend a new pfSense box over both old Cisco solutions.
 
I'd go for a PIX 515 and then upgrade it to 128MB of RAM if it isn't already. You should be able to run version 8 code without any issues (I currently run this setup at home without any difficulties)
 
You must log in or register to reply here.
Back
Top