ASA or standalone appliances?

Answered Question
Jul 10th, 2008

Hi, was wondering if anyone is using all the functions of an ASA, like a 5520, with PIX, IDS and VPN concentrator all running on the same box and how it was performing? Or is it better to use the ASA as a pix and use a IDS appliance like a 4215 and VPN concentrator like a 3020?

I have this problem too.
0 votes
Correct Answer by kwillacey about 8 years 5 months ago

I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
kwillacey Thu, 07/10/2008 - 11:27

Depends on your budget, I have not heard anyone complain about the performance of the ASA 5520 with an IPS or CSC-SSM with vpn configured.

srue Thu, 07/10/2008 - 11:31

vpn concentrators are end of sale,so that should not even be an option.

i prefer seperate appliances for IPS, but that probably depends on budget too.

DARYLE DIANIS Thu, 07/10/2008 - 12:02

thanks for the input. I always start by assuming budget is not an issue and ask management for the best configuration. What I have currently are 2 515's that are end of life and a 3020 that's paid for. I have no IDS at all. I might be able to trade the 3020 under the TMP.

Correct Answer
kwillacey Thu, 07/10/2008 - 12:08

I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.

Actions

This Discussion