Solved: ASA or standalone appliances?

DARYLE DIANIS · ‎07-10-2008

Hi, was wondering if anyone is using all the functions of an ASA, like a 5520, with PIX, IDS and VPN concentrator all running on the same box and how it was performing? Or is it better to use the ASA as a pix and use a IDS appliance like a 4215 and VPN concentrator like a 3020?

kwillacey · ‎07-10-2008

I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.

View solution in original post

kwillacey · ‎07-10-2008

Depends on your budget, I have not heard anyone complain about the performance of the ASA 5520 with an IPS or CSC-SSM with vpn configured.

srue · ‎07-10-2008

vpn concentrators are end of sale,so that should not even be an option.

i prefer seperate appliances for IPS, but that probably depends on budget too.

DARYLE DIANIS · ‎07-10-2008

thanks for the input. I always start by assuming budget is not an issue and ask management for the best configuration. What I have currently are 2 515's that are end of life and a 3020 that's paid for. I have no IDS at all. I might be able to trade the 3020 under the TMP.

kwillacey · ‎07-10-2008

I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.

DARYLE DIANIS · ‎07-10-2008

thanks again for everyone's ideas , they are all helpful.