We're currently planning on changing our Check Point FW to a Cisco ASA5510.
We are about 100 employees, have 15 IPsec VPN peers and 50 VPN clients. I've seen that ASA5510 comes in many different forms and licenses and I can't seem to find the right one for us.
Do all the ASA5510s have the same hardware? What is the difference between these models:
1) ASA5510 Security Plus Firewall edition
2) ASA5510 IPsec VPN edition
3) ASA5510 Antix Edition
4) ASA5510 IPS Solution Bundle
I'll need a FW which can handle 15-30 IPsec VPN peers, up to 100 concurrent VPN clients, and that has a good IPS/IDS solution. Also, it must support the AES256 encryption algorithm and have the possibility for SSL VPN peers.
Which edition do you think will be best suited for us? Any thoughts?
With regard to the above question, the hardware is all the same; only the licenses change, and the modules that give the extra IPS, ANTIX (only one can be installed). The ASA5510 can scale up to 250 SSL VPN peers on each Cisco ASA 5510 by installing an SSL VPN upgrade license; 250 IPsec VPN peers are supported on the base platform. VPN capacity and resiliency can also be increased by taking advantage of the Cisco ASA 5510's integrated VPN clustering and load-balancing capabilities (available if a Security Plus license is installed). The Cisco ASA 5510 supports up to 10 appliances in a cluster, supporting a maximum of 2500 SSL VPN peers or 2500 IPsec VPN peers per cluster.
With your above specification, I would look at the following: ASA5510-AIP10-K9 (Cisco ASA 5510 IPS Edition includes AIP-SSM-10, firewall services, 250 IPsec VPN peers, 2 SSL VPN peers, 5 Fast Ethernet interfaces), and as you have said "and have the possibility for SSL VPN peers", you could enable the SSL at a later date.
AIP SSM-10 -- Concurrent Threat Mitigation Throughput (Firewall + IPS Services)
• 150 Mbps with Cisco ASA 5510
I hope this helps.