RE: Pix VPN endpoint and split-tunnel

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
> I've recently been playing with 7.0(2) on a 515E previously running
6.3(3). It requires 
> a memory upgrade, but you can upgrade a 5xx series PIX to version 7.x of
the PIX OS.

For what it's worth, PIX OS v7 and the ASA v7 software are not the same
animal, and the new PIX code still doesn't include RIPv2 support or split
horizon.  But after doing some digging, it looks like PIX OS v7 might solve
Chris' problem after all:

"Improved Support for Non-Split Tunneling Remote-Access VPN Environments:
Enables remote-access VPN connections to be terminated on the outside
interface of a Cisco PIX Security Appliance, allowing Internet-destined
traffic from remote-access user VPN tunnels to leave through the same
interface it arrived at (after firewall rules, URL filtering policies, and
other security checks have been optionally applied)"

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet090
0aecd80225ae1.html

But it's still going to cost them the money to upgrade their PIX to 128MB of
RAM.  That's going to be a lot cheaper than an ASA or VPN3K though.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards