
changing VPN solutions to ASA5520

mikecouch
Level 1

I have a Nortel VPN solution but I am going to an ASA solution. I am looking for feedback as to things that have worked and things that have not. I am just starting design so I am open to anything and look forward to your comments.

2 Replies

bwilmoth
Level 5

With PIX/ASA version 7.0 and later, a new feature is introduced that allows the PIX to support hairpinning in a VPN environment.

When the PIX/ASA is the hub in a VPN environment, this feature supports spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface. If the traffic is unencrypted, it is dropped. There is another new feature in PIX version 7.0 that allows traffic to flow between two interfaces of the PIX that have the same security level.

You can get more information regarding ASA 5520 from this link:

http://www.cisco.com/en/US/products/ps6120/prod_installation_guides_list.html

Darthkim_2
Level 1

We are in the process of migrating from a Nortel Contivity 2700 series to two 5520 ASAs.

In the process, we decided to move from IPSEC to SSL VPN.

Some notes:

- Make sure that you are on at least 8.0.3(9) version. It fixes a lot of issues with the SSL VPN.

- There are some routing things that could be done on the Nortel that cannot be done on the ASA. It's not a dealbreaker, but it has to do with the fundamental design of the ASA (as a security device) vs Contivity (Router + Security device).

- In SSL VPN mode, make sure to test all your apps with the default DTLS option. We ended up running into problems with our Outlook clients and SAP GUI clients. Disabling DTLS sped up performance tremendously.

Good Luck!
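
A pre-cutover check covering the points raised in both replies, as an added example that is not part of either post and is not Cisco code: it reads an exported running-config and reports whether the software is at least the 8.0.3(9) build named above, whether same-interface (hairpin) VPN traffic is permitted, and which group policies set DTLS explicitly. The sample config is constructed, and the `ASA Version` header format and the 8.0-era `svc dtls enable` syntax are assumptions to confirm against your own device output.

```python
import re

MIN_VERSION = (8, 0, 3, 9)  # the "8.0.3(9)" build recommended in the reply above
HAIRPIN = "same-security-traffic permit intra-interface"

# Constructed sample of an exported running-config (not from a real device).
SAMPLE_CONFIG = """\
ASA Version 8.0(3)6
!
hostname vpn-hub
same-security-traffic permit intra-interface
!
group-policy SSLVPN-STAFF attributes
 webvpn
  svc dtls enable
group-policy SSLVPN-SAP attributes
 webvpn
  no svc dtls enable
"""


def parse_version(config):
    """Return the 'ASA Version' value as a tuple of ints: 8.0(3)6 -> (8, 0, 3, 6)."""
    m = re.search(r"^ASA Version (\S+)", config, re.MULTILINE)
    return tuple(int(n) for n in re.findall(r"\d+", m.group(1))) if m else None


def dtls_by_group_policy(config):
    """Map group-policy name -> True/False where DTLS is set explicitly."""
    state, current = {}, None
    for line in config.splitlines():
        head = re.match(r"group-policy (\S+) attributes", line)
        if head:
            current = head.group(1)
        elif line and not line.startswith(" "):
            current = None  # an unindented line ends the group-policy block
        elif current and line.strip().endswith("svc dtls enable"):
            # Assumed syntax: "svc dtls enable" / "no svc dtls enable"
            state[current] = not line.strip().startswith("no ")
    return state


def audit(config):
    version = parse_version(config)
    return {
        "version_ok": version is not None and version >= MIN_VERSION,
        "hairpinning": any(l.strip() == HAIRPIN for l in config.splitlines()),
        "dtls": dtls_by_group_policy(config),
    }
```

Group policies missing from the `dtls` result inherit their setting, so test those with your applications as well.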
