Need recommendations for firewall and vpn replacement

Unanswered Question
May 1st, 2009
User Badges:

We've got a pair of PIX 525s in active/standby mode, plus a pair of VPN 3005 concentrators (one active, one redundant using vrrp) for IPSec VPN connections (both LAN-to-LAN and Remote Access, 3DES). I'm trying to generate a proposal to replace all 4 devices with more current equipment.

From Cisco's website, it looks like the ASA 5520 is the recommended replacement for the PIX 525 and there's an SSL/IPSec VPN Edition recommended for replacing the 3005s. The SSL/IPSec VPN edition seems to be a fair bit more expensive than the other version... Can just the a pair of ASA 5520s handle the job of what we're using now, or do we really need the more expensive version?

Also, I've seen mention of a Technology Migration Plan from Cisco. Would this apply here, or is it even still evailable?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
r.bishop Tue, 05/05/2009 - 01:42
User Badges:

Hi Steve,

The ASA-5520 will support up to 450Mbps firewall throughput, 225Mbps VPN throughput while supporting up to a maximum of 750 concurrent IPSec/SSL VPN connections (with relevant SSL licenses). Ultimately a pair of these should be able to handle the role of the PIX-525 and VPN-3005 combined without an issue; however you really need to base this decision on whether they will support your future needs too?

Do the above figures meet your needs and if not the ASA-5540 will give you more with 650Mbps firewall throughput, 325Mbps VPN throughput and support for up to 5000 IPSec VPNs or 2500 SSL VPNs (with relevant SSL licenses).

The cost difference with SSL/IPSec edition is due to the SSL VPN licenses which are an additional cost. If you plan to continue to use the IPSec VPN clients then stay with the firewall edition. You can add SSL VPN licenses to the firewall edition at a later date if you wish.

In terms of the TMP you would need to check with your Cisco reseller/Cisco account manager.




This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode