PIX Assistance

cjohnson1279 · ‎09-19-2007

I am extremely new to Cisco Pix and I've been asked to look into purchasing a possible upgrade to ours. I currently have a 515E which I am going to send to another site once I get the new one. My Pix is primarily used for VPN access to my network. Once I get the new one I'd like to set up a site-to-site VPN for failover. I need assistance on which device to choose. Should I go with another 515E, the 525, or look into the ASA firewalls?

mfreijser · ‎09-20-2007

I would definitly go for the new ASA firewalls, they are more powerfull and have more expansion options than the Pix series. It wouldn't go for the 525 because just doesn't match the ASA, and the DC power supply is EoL and EoS.

You can replace your existing Pix515E with a ASA5510, more iformation on the ASA can be found here.http://www.cisco.com/en/US/products/ps6120/index.html

I hope this helps!

Please rate if the post is usefull!

Regards,

Michael

cjohnson1279 · ‎09-20-2007

Thank you for your response. And it does help! Although, here's a question. I am going to send my 515E to another site. If I go with the ASA5510 will I be able to set up a site-to-site VPN for failover?

Thank you again!

Corinne

mfreijser · ‎09-20-2007

Offcourse you can make a site-to-site tunnel between a Pix and an ASA :)

What i don't understand is what you mean with the VPN for 'failover'. Do you want to use the site-to-site VPN tunnel as backup for a Leased Line (or something like that)?

You can find more information about configuring ASA's here:

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html

You can find more information about configuring a Pix here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Regards,

Michael

cjohnson1279 · ‎09-20-2007

Yes, backup for a leased line. I apologize, this is all trail by fire stuff here. Thanks for your help!

mfreijser · ‎09-20-2007

No problem!

A site-to-site VPN would make an excellent failover for a Leased Line. Just keep in mind that you'll need a device, like a router, that keeps track of availability of the main route (Leased Line) to the other office.

Please rate if the posts are usefull!

Regards,

Michael

cjohnson1279 · ‎09-20-2007

We've got a Cisco 2821 on either side of our site-to-site T1 connection. This should suffice, yes?

Also, our backbone is GigE so we are really looking to have all of our devies GigE capable. The ASA5510 comes with the integrated FastE interfaces, is there any GigE expansion capability?

Would the ASA5520 be overkill?

I really appreciate this help.

Corinne

mfreijser · ‎09-20-2007

The 2821's are perfect for this! If you want all your devices Gigabit-capabale, you'll need the ASA5520. Only the ASA5520, 5540 and 5550 have Gigabit Ethernet interfaces.

The ASA5520 would be a bit overkill, as a ASA5510 has already more performance than a Pix515E. But you have no other choice if you really want the Gigabit interfaces!

You can compare the ASA's on the following website:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Regards,

Michael

cjohnson1279 · ‎09-20-2007

Thank you! I really appreciate your help! You've answered all of my questions.

Have a great day!

Corinne