09-19-2007 09:26 AM - edited 02-21-2020 01:41 AM
I am extremely new to Cisco Pix and I've been asked to look into purchasing a possible upgrade to ours. I currently have a 515E which I am going to send to another site once I get the new one. My Pix is primarily used for VPN access to my network. Once I get the new one I'd like to set up a site-to-site VPN for failover. I need assistance on which device to choose. Should I go with another 515E, the 525, or look into the ASA firewalls?
09-20-2007 05:30 AM
I would definitly go for the new ASA firewalls, they are more powerfull and have more expansion options than the Pix series. It wouldn't go for the 525 because just doesn't match the ASA, and the DC power supply is EoL and EoS.
You can replace your existing Pix515E with a ASA5510, more iformation on the ASA can be found here.http://www.cisco.com/en/US/products/ps6120/index.html
I hope this helps!
Please rate if the post is usefull!
Regards,
Michael
09-20-2007 05:35 AM
Thank you for your response. And it does help! Although, here's a question. I am going to send my 515E to another site. If I go with the ASA5510 will I be able to set up a site-to-site VPN for failover?
Thank you again!
Corinne
09-20-2007 05:46 AM
Offcourse you can make a site-to-site tunnel between a Pix and an ASA :)
What i don't understand is what you mean with the VPN for 'failover'. Do you want to use the site-to-site VPN tunnel as backup for a Leased Line (or something like that)?
You can find more information about configuring ASA's here:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html
You can find more information about configuring a Pix here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
Regards,
Michael
09-20-2007 05:51 AM
Yes, backup for a leased line. I apologize, this is all trail by fire stuff here. Thanks for your help!
09-20-2007 05:58 AM
No problem!
A site-to-site VPN would make an excellent failover for a Leased Line. Just keep in mind that you'll need a device, like a router, that keeps track of availability of the main route (Leased Line) to the other office.
Please rate if the posts are usefull!
Regards,
Michael
09-20-2007 06:08 AM
We've got a Cisco 2821 on either side of our site-to-site T1 connection. This should suffice, yes?
Also, our backbone is GigE so we are really looking to have all of our devies GigE capable. The ASA5510 comes with the integrated FastE interfaces, is there any GigE expansion capability?
Would the ASA5520 be overkill?
I really appreciate this help.
Corinne
09-20-2007 06:19 AM
The 2821's are perfect for this! If you want all your devices Gigabit-capabale, you'll need the ASA5520. Only the ASA5520, 5540 and 5550 have Gigabit Ethernet interfaces.
The ASA5520 would be a bit overkill, as a ASA5510 has already more performance than a Pix515E. But you have no other choice if you really want the Gigabit interfaces!
You can compare the ASA's on the following website:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Regards,
Michael
09-20-2007 06:22 AM
Thank you! I really appreciate your help! You've answered all of my questions.
Have a great day!
Corinne
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide