11-15-2007 07:22 PM - edited 02-21-2020 01:47 AM
Our central office has a VPN 3005 and a PIX 515. The VPN 3005 is the hub for 7 branch offices/spokes - each of which has a PIX 506e. The PIX 515 serves as the firewall for the cental office.
From what I can tell, the ASA devices don't suffer the same routing limitations that the PIXs did. It looks like the ASA will route traffic back out on the same interface that it came in on - for VPN purposes (I don't want a meshed VPN - all VPN traffic should travel through the hub). Would the ASA 5510 give me the capabilities of both older devices wrapped into one single new device?
Thanks!
11-25-2007 11:08 PM
HI there.
This is actually a limitation with the software. I believe from version 7 you can route traffic back out the same interface.
Obviously the concentrators don't have the limitation either.
11-27-2007 07:11 AM
Yes, I'm well aware of the limitations of the v6.x software. My 515 won't support v7.x without hardware upgrades, which is why I was asking about the ASA. If I get an ASA 5510 as a replacement for my PIX 515, would it also eliminate my need for the separate VPN 3005 concentrator? I'm thinking the ASA will serve both functions...
12-12-2007 10:31 AM
This is the same scenario that I am purchasing the 5510 for. I am replacing a 515 and a 3005 with this one device (with the security bundle to enable the extra ports). If you have implemented and run into issues, please post.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide