Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
1
Replies

upgrading hardware

saidfrh
Level 1
Level 1

‎08-01-2007 10:03 AM - edited ‎03-09-2019 06:30 PM

Hi,

We are upgrading our networking devices. We have a 175 employee company; 2612 Perimeter router with access list performing firewall functions; 6 branch offices that use PIX 501 (5) and ASA 5505 (1) to VPN to main office PIX 506e.

We plan to upgrade to a 2800 router. 1. Would the 2800 perimeter router be able to do its routing functions and as well as VPN functions? 2. Would a ASA5510 replacement for the 506e be able to do VPN functions and firewall functions? 3. Any suggestions for a NAC device? Any suggestions for network monitoring tool?

thanks

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎08-01-2007 12:26 PM

Hi

1) A 2800 series router could do the firewalling + vpn termination + routing if that is what you want although i appreciate you may not want it to do all functions and it may well make sense to have a separate firewall. Only you can really make that decision.

IPSEC is done in hardware and if you need even more IPSEC throughput you can purchase an AIM for it.

Attached is the data sheet for the 2800 series router. Be aware that for IPSEC and or Firewalling you will need to make sure you order the right IOS with it.

http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bd6.shtml

2) Yes an ASA5510 is a more than adequate replacement for a pix 506. Bear in mind that the config will be different because your ASA will be running v7.x code and not v6.x which is probably what's on your 506e.

3) Not sure what you mean by this. Cisco do a standalone NAC device and NAC integrated with 802.1x on the switches.

Network monitoring tool - we use Ciscoworks but this might be overkill for you. Main issue wis with monitoring pix firewalls - ADSM is only one firewall at a time. Cisco do the Cisco Security Manager software for managing multiple devices but it isn't cheap.

Alternatively you could look for free software for snmp and sylog messages - there are quite a few out there.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents