cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1189
Views
0
Helpful
7
Replies

Possible to replace a PIX 506e with ASA?

My company has three PIX 506e which do a site-to-site VPN. It works great. We are looking at replacing one of the PIX, due to a bad fan. Whereas PIX is EOL soon, we are looking at the ASA 5500 series. Which one will work will our current setup?

Some more details:

PIX Version: 6.3(4)

PDM Version: 3.0(3)

Total memory: 32MB

Total flash: 8MB

Licensed features: 3DES-AES

Unlimited inside hosts

Unlimited IKE peers

Max physical interfaces: 2

Max interfaces: 2

I can respond with more information if needed. Thanks for any responses.

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

Willie

Yes you could replace the 506 with an ASA device. Have a look at the ASA model comparison sheet - an ASA 5505 would do for you but you may want to consider a higher spec device.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

One thing to be aware of is that the ASA devices do not support v6.x, they only support v7 or v8 so the configuration will be somewhat different. There are a lot of good configuration docs on Cisco website though.

Jon

Thank you for your response, Jon.

What is the best way to upgrade our current PIX devices to v7 or v8? We don't have a current support plan through Cisco or a vendor, but I imagine that we would need to purchase one to do that.

Would that be recommended? Or would we be paying just as much to get the service plan as buying new devices?

Willie,

You still have time to plan migration to ASA, best bet is to run all these question through a cisco partnet sales rep to provide you with all the obtions there is for support plans.

For reference, to obatin Software support for example you do need smartnet services, not only you get software updates but also TAC support and/or unit replacement in event of hardware failure.

Go to partner locator page to locate partner

http://www.cisco.com/web/partners/index.html

You can go through the list of PIX models for EOL/EOS dates, sort of gives you an idea of deadlines to better plan your migration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html

EoS/EOL for the PIX 506E

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/prod_eol_notice0900aecd80731dfa.html

Rgds

-Jorge

Jorge Rodriguez

Willie

One other point. Pix 506E devices cannot be upgraded to v7.x or v8.x. The minimum Pix firewall that can be upgraded is Pix 515E so if you want to go to v7.x you will need to replace your 506E's.

As Jorge mentioned you could look to trade in.

Jon

Thank you both for your replies. Do either of you know how I mark a conversation resolved?

At right hand lower corner of each thread in this conversation is a text rate this post, you may click there and rate..

Also I forgot to post another link, cisco has a trade in program , it does not hurt to ask about it , it may help in the cost when upgrading.

http://www.cisco.com/warp/public/779/largeent/purchase/trade_in.shtml

Rgds

-Jorge

Jorge Rodriguez

This is the direct link to the PIX >> ASA trade-in, but I hope it is valid in your case (if the PIX is functional):

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/net_promotional_program0900aecd80346456.html

Once you decide to upgrade, keep this link handy (even tough it might not be that useful for a PIX 506):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808554ed.shtml

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: