Replacing a 2960 Switch with ASA5505 for PCI Compliance: Is this config possible?

Unanswered Question
Jun 22nd, 2010


We have a building on the campus which can only be reached via a line-of-sight wireless link. At the remote end there is a car park which is due to have a credit card swipe system installed at the exit barrier to allow customers to pay as they leave.

Network services are currently provided by a Cisco 2960 switch which connects back to the corporate LAN via the Wireless link. At the local (head) end we have a Cisco ASA 5540 which provides a level of security on the inbound direction.

In order to make the wireless link PCI compliant I am proposing that the Cisco 2960 switch be swapped out with an ASA 5505 and a site to site VPN tunnel be created over the wireless link back to the local head end ASA 5540.

The issue is that we have an IP Phone in this remote location which is connected to the Cisco 2960 using the "switchport voice vlan" and "mls qos trust cos" commands to allow the IP Phone to work and connect back to the IP PBX inside the corporate LAN.

If I am to replace the Cisco 2960 switch with the ASA 5505 I need to be sure that the IP Phone can be connected directly into the ASA 5505 and that the Voice traffic can be switched over the link (not through the site to site VPN) as it did when connected to the Cisco 2960.

I have trawled through the configuration guides for the ASA 5505 and can find no information about this level of support, although it does support 2 PoE ports and 8 switched interfaces, one would assume that these commands would be supported.

Any help would be greatly appreciated.

(P.S. I have asked the provider of the Wireless link to see if their system supports encryption as this would be a much cleaner solution, but I have no response so far).
