07-10-2008 08:15 AM - edited 03-11-2019 06:12 AM
Hi, was wondering if anyone is using all the functions of an ASA, like a 5520, with PIX, IDS and VPN concentrator all running on the same box and how it was performing? Or is it better to use the ASA as a pix and use a IDS appliance like a 4215 and VPN concentrator like a 3020?
Solved! Go to Solution.
07-10-2008 12:08 PM
I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.
07-10-2008 11:27 AM
Depends on your budget, I have not heard anyone complain about the performance of the ASA 5520 with an IPS or CSC-SSM with vpn configured.
07-10-2008 11:31 AM
vpn concentrators are end of sale,so that should not even be an option.
i prefer seperate appliances for IPS, but that probably depends on budget too.
07-10-2008 12:02 PM
thanks for the input. I always start by assuming budget is not an issue and ask management for the best configuration. What I have currently are 2 515's that are end of life and a 3020 that's paid for. I have no IDS at all. I might be able to trade the 3020 under the TMP.
07-10-2008 12:08 PM
I would assume that the 3020 probably does not give you any problems, so I would go with the two 5520s (fail over pair) with an IPS module and connect the 3020 to an interface on the 5520s. If needs be you can always migrate your vpn config to the 5520s without too may issues, after all the ASAs are the replacements for the concentrators.
07-10-2008 12:28 PM
thanks again for everyone's ideas , they are all helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide