Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 506 Replacement Suggestions

I have (3) sites that currently are using PIX 506's with 2610 routers. I have to budget to replace the PIX's next year, since they went off support unexpectedly this year. The 2610's go off support next year, so I need to replace those also. There are site-site VPN's established. Connectivity is either a T1 or business cable connection. Since I'd like to setup a DMZ, I was looking at the spec's for a ASA5510 and perhaps a 2811 router? I don't anticipate adding additional T1's or significant bandwidth to any of the sites. Sites are < 50 users.

Thanks.

John

3 REPLIES

Re: PIX 506 Replacement Suggestions

What about using a router for terminating your T-1 connections and providing firewall/VPN features? Something like an 1841 with VPN AIM card.

1841 Router

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd8016a59b.html

VPN AIM Card

http://cisco.com/en/US/products/ps5853/products_data_sheet0900aecd804ff58a.html

You can buy the security bundle wich includes everything you need.

CISCO1841-HSEC/K9 "Cisco 1841 Security Bundle with IOS Advanced IP services, AIM-VPN/BPII-PLUS, 64 MB Flash/256 MB DRAM"

You would still need to buy a WIC-T1-DSU (or something similar) for terminating the T-1.

HTH

New Member

Re: PIX 506 Replacement Suggestions

Had a conversation with our teleco provider this morning. Right now I'm leaning toward having them lease us the routers so that they 'own' any problems up to and including that CPE. The incremental monthly cost isn't that much. So, I guess at this point, it's just a question of which ASA 5500 series model I choose for the (2) locations. Probably a pair of 5510's.

Re: PIX 506 Replacement Suggestions

Just as an FYI the ASA5505 can handle up to 100MB of VPN traffic, so if you only have a T1 an ASA5510 might be over kill (170MB VPN).

111
Views
0
Helpful
3
Replies
CreatePlease login to create content