PIX 506 Replacement Suggestions

Unanswered Question

I have (3) sites that currently are using PIX 506's with 2610 routers. I have to budget to replace the PIX's next year, since they went off support unexpectedly this year. The 2610's go off support next year, so I need to replace those also. There are site-site VPN's established. Connectivity is either a T1 or business cable connection. Since I'd like to setup a DMZ, I was looking at the spec's for a ASA5510 and perhaps a 2811 router? I don't anticipate adding additional T1's or significant bandwidth to any of the sites. Sites are < 50 users.


Thanks.


John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Fri, 10/05/2007 - 08:39
User Badges:
  • Purple, 4500 points or more

What about using a router for terminating your T-1 connections and providing firewall/VPN features? Something like an 1841 with VPN AIM card.


1841 Router

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8016a59b.html


VPN AIM Card

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd804ff58a.html


You can buy the security bundle wich includes everything you need.

CISCO1841-HSEC/K9 "Cisco 1841 Security Bundle with IOS Advanced IP services, AIM-VPN/BPII-PLUS, 64 MB Flash/256 MB DRAM"


You would still need to buy a WIC-T1-DSU (or something similar) for terminating the T-1.


HTH

Had a conversation with our teleco provider this morning. Right now I'm leaning toward having them lease us the routers so that they 'own' any problems up to and including that CPE. The incremental monthly cost isn't that much. So, I guess at this point, it's just a question of which ASA 5500 series model I choose for the (2) locations. Probably a pair of 5510's.

Collin Clark Fri, 10/05/2007 - 10:41
User Badges:
  • Purple, 4500 points or more

Just as an FYI the ASA5505 can handle up to 100MB of VPN traffic, so if you only have a T1 an ASA5510 might be over kill (170MB VPN).



Actions

This Discussion