They make plenty of sense, depending on your needs. We have a similar set up - a VPN concentrator and a separate firewall.
We have a large number of VPN users (Let's just say we have the 1000 concurrent user license on the concentrator here) and that level of user load on a firewall which also handles enterprise traffic would be insane. We also do failover routing via PIX to PIX VPN to back up our WAN links, and there are some different routing requirements to make that work which would break the client connects through the VPN. Not only that, we're already budgeted for a few more firewalls to restructure our production DMZ. Its also more secure to keep the firewall and the VPN connect point separate. Keep in mind that you have to authenticate to the VPN box else no traffic will pass through it. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Aaron Brasslett [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 5:12 PM > To: NT 2000 Discussions > Subject: RE: Minimum VPN req's > > > Why would you put your VPN box in parallel with the PIX? Why > wouldn't you > support the VPN on one of the existing PIXs? Parallel > firewalls don't make > a lot of sense. > > Aaron > > -----Original Message----- > From: Robert Gonzaga (306) [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 5:03 PM > To: NT 2000 Discussions > Subject: RE: Minimum VPN req's > > > I setup our VPN box in parallel with our 2 PIXs. You need a > public IP for > the outside and a private IP on the inside. Pop in you PDC > info, WINS and > pool of address for that clients and that's basically it. > It's fast. You > can use your existing windows client but I'd recommend the > Cisco software > that comes with the concentrator. The client is a free > downloadable from > cisco if you have a CCO login. > > -----Original Message----- > From: Lum, David [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 2:00 PM > To: NT 2000 Discussions > Subject: Minimum VPN req's > > All this talk of VPN...what's the absolute minimum equipment > to VPN if both > sides already have fast internet? Software/hardware. I > currently dial in via > PCAnywhere to one site, but I'd love to utilize my DSL and > their broadband > connection to connect. > > Dave Lum - [EMAIL PROTECTED] > Sr. Network Specialist - Textron Financial > 503-675-5510 > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
