for VPN - Module in router? or ASA?

Unanswered Question
Oct 26th, 2007


We need to add to our VPN abilities - Currently we have a 3030 Concentrator.

Both AnyConnect client & Web VPN are highly desired.

I believe I've learned that 2 options are AIM-VPN/SSL module in a router, or ASA.

We have 2 routers we could consider using for a module - a 3825 (in production, provides Ethernet interface for an OptEMan link) and a 3745 (spare at the moment).

Obviously an ASA has way more abilities, but before making the price jump from a module & license for an existing router up to a whole new box, I want to be able to give my bosses some kind of cost/benefit analysis. Additionally, I'm not 100% sure that I figured it out right that the AIM/router option is correct... (50 million part numbers & options - even the inside engineers get muddled sometimes...)

So, my questions are:

1. Does the AIM-VPN/SSL-3 go in 3825 & 3745 routers? If yes, would it suck up too many resources in a router supporting an OptEMan?

2. Are there additional SSL-VPN features available in ASA that aren't available in AIM?

3. Are there additional ASA features besides VPN, firewall, IPS?

Thanks for any thoughts/knowledge...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Richard Burts Sun, 10/28/2007 - 09:33


I believe that the AIM-VPN/SSL works in ISR routers (I have them in quite a few 1841s that we are using). So I am pretty sure that they work in the 3825. They may also work in 3745 but I have no experience with that.

It is my experience and my understanding of Cisco strategic direction that for site to site VPN the router based implementation with VPN accelerator is the optimum solution. And for SSL I believe that the ASA is the optimum solution. I am fairly sure that Any Connect and Web VPN are better supported on the ASA than they are on the router though I do not have any hard evidence to offer to support that.




This Discussion