- newbie - PIX 501 sufficient
- Posted by Kevin Laro on May 23rd, 2004
Hi,
I am quite new to the VPN world and would appreciate it if I could get
confirmation on the following before I invest in hardware:
I read the posts in here and am still not sure whether the purchase
of a PIX 501 is sufficient for my purpose:
Current situation:
two internal networks at different locations, each:
- about 20 win XP and win2000 clients
- win2k server (dns, dhcp, dc): IP 192.168.0.x
- network switch, which is directly connected to ADSL modem (with
router function) (dynamic IP address from our IP-Provider, static IP
for inside traffic as gateway)
I want the following:
- from inside continue accessing the internet as usual
- access our servers from one network as well as from outside (hotels)
from mobile computers with changing IP addresses. Mainly to get
access to a shared folder and to administer the servers (VNC client).
If I put a PIX 501 behind the network switch (deactivating DHCP) and
connect it with the ADSL modem, does that work? Especially with the
outside access (dyn IP)? I am a bit confused about how the PIX 501 copes
with dynamic IP addresses: how do I know from outside which IP
address is the current one? Also, when my laptop IP changes I would
have to adjust the access list, which I can't if I am outside?
Thanks for any help,
Kevin
____________________-
kevin.laro@yahoo.com
- Posted by Martin Bilgrav on May 23rd, 2004
Please note that the PIX501 by default comes with a 10 user license limit.
Otherwise get a 506 or a 50 user license or unlimited.
The 501 comes with a 4 port auto-MDI-X 10/100 switch embedded.
You can connect to ADSL with the DHCP client on outside.
You can disable the DHCP server inside.
You can have 10 VPN peers on the 501 - 200-something on the 506 (this is
CPU+MEM determined).
You can use the Cisco VPN client software for RAS VPN for road warriors etc.
But if you run dyn-IP outside you may consider configuring the client software
with a DNS hostname and have a public DNS record for the PIX501 outside WAN IP
and update it when it's changed.
Or get a fixed dyn-IP or fixed static IP.
HTH
Martin
"Kevin Laro" <kevin_laro@yahoo.com> wrote in message
news:7ji0b0phruvm61v4h42ktreb4mmuj7issa@4ax.com...
- Posted by Kevin Laro on May 23rd, 2004
Thanks Martin.
Seems the 50 user license is the way to go then.
With public DNS record you mean a service like dynip.org?
Kevin
On Sun, 23 May 2004 13:15:10 +0200, "Martin Bilgrav"
<bilgravCUTTHISOUT@image.dk> wrote:
- Posted by Martin Bilgrav on May 23rd, 2004
"Kevin Laro" <kevin_laro@yahoo.com> wrote in message
news:cp91b0hp8st1eaegcfmofs9hn9d5jnscbf@4ax.com...
Well, for performance and securing the investment for the future, I strongly
suggest that you get the 506.
The cost difference is not that large.
I recommend fixed static IP, as dyn-IP often leads to a larger management
effort over time.
Regarding DNS, the functionality you need is the most important, i.e. have
your IP match the name in the VPN client's config file (PCF file).
Keep in mind that you often get what you pay for.
HTH
Martin Bilgrav
- Posted by admin too on May 24th, 2004
The 501 is soooooo sloooow.
We deployed it (a 501) for a small group (under 10 users) and it seemed a
little slow. When we needed more users I tried a 506 I had and it was
noticeably faster.
- Posted by Hansang Bae on May 25th, 2004
In article <10b4b7m3okui552@news.supernews.com>,
nguser2u@no.spam.AOL.com says...
You sure it wasn't a duplex mismatch? Or are you doing IPSec?
--
hsb
"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
- Posted by admin too on May 25th, 2004
"Hansang Bae" <uonr@alp.ee.pbz> wrote in message
news:MPG.1b1c6ed75fae3c79989cb2@24.168.128.86...
Yes, and Yes.