Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
4
Replies

New ASA 55xx

Bernard Magny
Level 1
Level 1

‎05-14-2008 09:31 AM - edited ‎03-10-2019 04:06 AM

I currently have a 3725 + the NM-CIDS module doing my firewall / IPS / VPN.

I'm considering upgrading to a ASA 55xx box.

I was reading the product page, and it does not seem that I can have one ASA box that does both the IPS with an AIP-SSM-xx and the anti-virus with an CSC-SSM-xx because the box only has one SSM slot.

I also need this box to be compatible and take over the peer to peer VPN that the 3725 is doing with my current IOS. I have several remote 87x router connected over ADSL and cable connection with active IOS VPN. My 3725 currently has a AIM VPN card to help the CPU. If I change it to a ASA box will I have to re-configure all the remote 87x routers?

Thanks...

Labels:
0 Helpful
4 Replies 4

mchin345
Level 6
Level 6

‎05-20-2008 06:22 AM

I think it will work , make sure the configuration and necssary setings before you proceed.

0 Helpful

Bernard Magny
Level 1
Level 1

‎05-22-2008 12:03 AM

Ok, thanks for the VPN info. Now I guess I need 2 ASA 55XX to be able to do both IPS and Content (Anti-X) filtering right?

Is there some design documentation somewhere about this?

Thanks

0 Helpful

jphilope
Level 3
Level 3
In response to Bernard Magny

‎05-22-2008 06:42 AM

None of the ASAs have more than one SSM slot. So, in that regard, yes, you would need two. But I beleive there are other solutions than using 2 ASAs. Content filtering can be done by other systems and appliances (iPrisims, ISA, WebSense, etc). So this may be an alternative. If you have the cards and wish to leverage your current hardware, then a second ASA may be the most economical.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to jphilope

‎05-26-2008 10:11 PM

I would use one ASA with the AIP-SSM module.

And then place a seperate Anti-x type of device at the back. Having a seperate ASA for the CSM module is overkill IMHO.

There is no real integration between the CSM/IPS module anyway, so you still have to manage different GUIs. A good option would be to go for IronPort, since they are now part of Cisco, there might be some neat integrations coming along in the future (giving you more value for money). There is'nt any great feedback about the CSM module, most people I know don't like to position it, including some Cisco CSEs themselves(its based on Trend Micro btw)

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card