08-19-2008 01:00 PM - edited 02-21-2020 02:58 AM
Hi
Could I have your thoughts on what is the best option as a firewall/VPN appliance. The network I'm looking to deploy the appliance on has a Webserver and a Mail server with Outlook Web access that require outside access. There are a few servers that have a requirement for remote access also, so I was thinking of using 3DES IPSec VPN tunnels for users to access the LAN.
I have used and configured PIX 515 firewalls before on networks using Cisco VPN Client software to access the LAN remotely, so I am to a degree familliar with this technology. But I'm not however familliar with the ASA appliances and was hoping for an opinion on what is the most cost effective, straight forward and easiest to deploy?
Many thanks
Mark
Solved! Go to Solution.
08-19-2008 04:57 PM
Mark,
I would definately recomend that you integrate the new ASA product versus the PIX, as you may already be aware that PIX platforms have reached End Of Life. If you were in a scenario where you were utilizing PIX515 and were looking into additional features that PIX 6.3.5 code does not provide then it would be feasable to upgrade code to 7.x-8.x on 515 for example to take advantage of much reacher features in code 7.x and above. But it seems this is not the case, if you are looking to implement a new security applience look into ASA5500 series.
If you are familiar with PIX you will be fine, of course, there are new features to learn and totally new architecture but the basic concept of firewalling and traffic control remains the same. All your requirements such as L2L VPNs, RA VPNS can be accomplish in addition to other great features you would never see in code 6.3.5.
The most important point is to integrate a new platform, not one that has reach end of life, that is my personal opinion.
ASA Platforms
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Rgds
Jorge
08-19-2008 04:57 PM
Mark,
I would definately recomend that you integrate the new ASA product versus the PIX, as you may already be aware that PIX platforms have reached End Of Life. If you were in a scenario where you were utilizing PIX515 and were looking into additional features that PIX 6.3.5 code does not provide then it would be feasable to upgrade code to 7.x-8.x on 515 for example to take advantage of much reacher features in code 7.x and above. But it seems this is not the case, if you are looking to implement a new security applience look into ASA5500 series.
If you are familiar with PIX you will be fine, of course, there are new features to learn and totally new architecture but the basic concept of firewalling and traffic control remains the same. All your requirements such as L2L VPNs, RA VPNS can be accomplish in addition to other great features you would never see in code 6.3.5.
The most important point is to integrate a new platform, not one that has reach end of life, that is my personal opinion.
ASA Platforms
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Rgds
Jorge
08-19-2008 05:05 PM
Hi Jorge
Thanks for the advise, makes perfect sense!
Regards
Mark
08-19-2008 05:15 PM
Mark, you are very welcome.
Rgds
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide