Possible to replace a PIX 506e with ASA?

Unanswered Question
Jun 17th, 2008
User Badges:

My company has three PIX 506e which do a site-to-site VPN. It works great. We are looking at replacing one of the PIX, due to a bad fan. Whereas PIX is EOL soon, we are looking at the ASA 5500 series. Which one will work will our current setup?


Some more details:

PIX Version: 6.3(4)

PDM Version: 3.0(3)

Total memory: 32MB

Total flash: 8MB

Licensed features: 3DES-AES

Unlimited inside hosts

Unlimited IKE peers

Max physical interfaces: 2

Max interfaces: 2


I can respond with more information if needed. Thanks for any responses.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 06/17/2008 - 11:16
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Willie


Yes you could replace the 506 with an ASA device. Have a look at the ASA model comparison sheet - an ASA 5505 would do for you but you may want to consider a higher spec device.


http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html


One thing to be aware of is that the ASA devices do not support v6.x, they only support v7 or v8 so the configuration will be somewhat different. There are a lot of good configuration docs on Cisco website though.


Jon

willie.gillespie Tue, 06/17/2008 - 11:55
User Badges:

Thank you for your response, Jon.


What is the best way to upgrade our current PIX devices to v7 or v8? We don't have a current support plan through Cisco or a vendor, but I imagine that we would need to purchase one to do that.


Would that be recommended? Or would we be paying just as much to get the service plan as buying new devices?

JORGE RODRIGUEZ Wed, 06/18/2008 - 13:34
User Badges:
  • Green, 3000 points or more

Willie,


You still have time to plan migration to ASA, best bet is to run all these question through a cisco partnet sales rep to provide you with all the obtions there is for support plans.


For reference, to obatin Software support for example you do need smartnet services, not only you get software updates but also TAC support and/or unit replacement in event of hardware failure.

Go to partner locator page to locate partner

http://www.cisco.com/web/partners/index.html


You can go through the list of PIX models for EOL/EOS dates, sort of gives you an idea of deadlines to better plan your migration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html


EoS/EOL for the PIX 506E

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/prod_eol_notice0900aecd80731dfa.html



Rgds

-Jorge

Jon Marshall Wed, 06/18/2008 - 14:49
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Willie


One other point. Pix 506E devices cannot be upgraded to v7.x or v8.x. The minimum Pix firewall that can be upgraded is Pix 515E so if you want to go to v7.x you will need to replace your 506E's.


As Jorge mentioned you could look to trade in.


Jon

willie.gillespie Wed, 06/18/2008 - 13:55
User Badges:

Thank you both for your replies. Do either of you know how I mark a conversation resolved?

JORGE RODRIGUEZ Wed, 06/18/2008 - 14:30
User Badges:
  • Green, 3000 points or more

At right hand lower corner of each thread in this conversation is a text rate this post, you may click there and rate..



Also I forgot to post another link, cisco has a trade in program , it does not hurt to ask about it , it may help in the cost when upgrading.



http://www.cisco.com/warp/public/779/largeent/purchase/trade_in.shtml


Rgds

-Jorge




Farrukh Haroon Wed, 06/18/2008 - 18:47
User Badges:
  • Red, 2250 points or more

This is the direct link to the PIX >> ASA trade-in, but I hope it is valid in your case (if the PIX is functional):


http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/net_promotional_program0900aecd80346456.html


Once you decide to upgrade, keep this link handy (even tough it might not be that useful for a PIX 506):


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808554ed.shtml


Regards


Farrukh

Actions

This Discussion