PIX 506 Replacement Suggestions

Unanswered Question

I have (3) sites that currently are using PIX 506's with 2610 routers. I have to budget to replace the PIX's next year, since they went off support unexpectedly this year. The 2610's go off support next year, so I need to replace those also. There are site-site VPN's established. Connectivity is either a T1 or business cable connection. Since I'd like to setup a DMZ, I was looking at the spec's for a ASA5510 and perhaps a 2811 router? I don't anticipate adding additional T1's or significant bandwidth to any of the sites. Sites are < 50 users.

Thanks.

John

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Fri, 10/05/2007 - 08:39

What about using a router for terminating your T-1 connections and providing firewall/VPN features? Something like an 1841 with VPN AIM card.

1841 Router

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8016a59b.html

VPN AIM Card

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd804ff58a.html

You can buy the security bundle wich includes everything you need.

CISCO1841-HSEC/K9 "Cisco 1841 Security Bundle with IOS Advanced IP services, AIM-VPN/BPII-PLUS, 64 MB Flash/256 MB DRAM"

You would still need to buy a WIC-T1-DSU (or something similar) for terminating the T-1.

HTH

Had a conversation with our teleco provider this morning. Right now I'm leaning toward having them lease us the routers so that they 'own' any problems up to and including that CPE. The incremental monthly cost isn't that much. So, I guess at this point, it's just a question of which ASA 5500 series model I choose for the (2) locations. Probably a pair of 5510's.

Collin Clark Fri, 10/05/2007 - 10:41

Just as an FYI the ASA5505 can handle up to 100MB of VPN traffic, so if you only have a T1 an ASA5510 might be over kill (170MB VPN).

Actions

This Discussion