Could I have your thoughts on what is the best option as a firewall/VPN appliance. The network I'm looking to deploy the appliance on has a Webserver and a Mail server with Outlook Web access that require outside access. There are a few servers that have a requirement for remote access also, so I was thinking of using 3DES IPSec VPN tunnels for users to access the LAN.
I have used and configured PIX 515 firewalls before on networks using Cisco VPN Client software to access the LAN remotely, so I am to a degree familliar with this technology. But I'm not however familliar with the ASA appliances and was hoping for an opinion on what is the most cost effective, straight forward and easiest to deploy?
I would definately recomend that you integrate the new ASA product versus the PIX, as you may already be aware that PIX platforms have reached End Of Life. If you were in a scenario where you were utilizing PIX515 and were looking into additional features that PIX 6.3.5 code does not provide then it would be feasable to upgrade code to 7.x-8.x on 515 for example to take advantage of much reacher features in code 7.x and above. But it seems this is not the case, if you are looking to implement a new security applience look into ASA5500 series.
If you are familiar with PIX you will be fine, of course, there are new features to learn and totally new architecture but the basic concept of firewalling and traffic control remains the same. All your requirements such as L2L VPNs, RA VPNS can be accomplish in addition to other great features you would never see in code 6.3.5.
The most important point is to integrate a new platform, not one that has reach end of life, that is my personal opinion.