The organization I work for has purchased two Cisco ASA 5500 series and wants to get rid of two PIXs (515E, image 7.1) and use the Cisco ASA to do firewalling plus VPN. Well, this is my first exposure to Cisco ASA, and I have read almost all the available documents on ASA that Cisco has published and have gained an understanding of how ASA works, single mode, multimode and security context (virtual firewall), but I still really don't know if the ASA will in fact do what the physical PIXs are doing plus VPN. One of the main points of confusion for me is that, based on Cisco documents, if I enable multimode then I cannot use the ASA for VPN? But I don't know if my understanding is correct or if there are ways around it.
We have over 100 VLANs on our switched network with 2 core switches, 6509 and 4006 (Cisco IOS), all fiber, and ports on core 6509 are set to trunk and it is the VLAN server. We have many Cisco 3560 and 3550 switches all over this campus in various closets. VoIP, EIGRP and Spanning Tree are also other services running. Well, I really don't know how ASA will fit in all that I have explained above and need help understanding so that I can have a clear picture of the ASA's relation to all of this equipment, routing, STP plus VLANs.
At this time I really don't know where to start if I wanted to start removing the PIXs and put the ASAs in their place today.
Also, I must note here that the engineer before me had done some configuration on the ASAs, but they don't work properly and the PIXs are still doing the firewalling. I can see subinterfaces have been created on the ASAs, but something is wrong there that I cannot pinpoint.
Any help and assistance you guys can give me is greatly appreciated.
Please forgive me for this long posting, but I had to be somewhat clear on what I have in my hands and what I want to do, having no idea of where to start.