05-14-2008 09:31 AM - edited 03-10-2019 04:06 AM
I currently have a 3725 + the NM-CIDS module doing my firewall / IPS / VPN.
I'm considering upgrading to a ASA 55xx box.
I was reading the product page, and it does not seem that I can have one ASA box that does both the IPS with an AIP-SSM-xx and the anti-virus with an CSC-SSM-xx because the box only has one SSM slot.
I also need this box to be compatible and take over the peer to peer VPN that the 3725 is doing with my current IOS. I have several remote 87x router connected over ADSL and cable connection with active IOS VPN. My 3725 currently has a AIM VPN card to help the CPU. If I change it to a ASA box will I have to re-configure all the remote 87x routers?
Thanks...
05-20-2008 06:22 AM
I think it will work , make sure the configuration and necssary setings before you proceed.
05-22-2008 12:03 AM
Ok, thanks for the VPN info. Now I guess I need 2 ASA 55XX to be able to do both IPS and Content (Anti-X) filtering right?
Is there some design documentation somewhere about this?
Thanks
05-22-2008 06:42 AM
None of the ASAs have more than one SSM slot. So, in that regard, yes, you would need two. But I beleive there are other solutions than using 2 ASAs. Content filtering can be done by other systems and appliances (iPrisims, ISA, WebSense, etc). So this may be an alternative. If you have the cards and wish to leverage your current hardware, then a second ASA may be the most economical.
05-26-2008 10:11 PM
I would use one ASA with the AIP-SSM module.
And then place a seperate Anti-x type of device at the back. Having a seperate ASA for the CSM module is overkill IMHO.
There is no real integration between the CSM/IPS module anyway, so you still have to manage different GUIs. A good option would be to go for IronPort, since they are now part of Cisco, there might be some neat integrations coming along in the future (giving you more value for money). There is'nt any great feedback about the CSM module, most people I know don't like to position it, including some Cisco CSEs themselves(its based on Trend Micro btw)
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: