Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 520 Replacement

Hi there,

I have PIX 520 that I want to replace, I assume the new replacement is ASA. My question is which model. I use the PIX simply as a firewall. I do not want to under-engieenr the solution. So I will probably will require min three interfaces inside, outside and DMZ.

Thanks in advance for your help.


Re: PIX 520 Replacement


Bellow pdf provides migration guide from PIX 500 series to ASA5500 series.

PIX520 equivalent upgrade to asa is asa5520 but from what you have indicated needing only inside,outside and DMZ you probably are looking at the ASA5510, you still need to conduct thourough assesment and baseline of your currently PIX520 such Ipsec vpns tunnels currentl utilization if any, look at bellow comparison table and total ASA firewall Mbps throughput.

PIX/ASA upgrade path chart

Lastly you may want to check models performance throughput.

ASA comparison chart



Community Member

Re: PIX 520 Replacement

Hi Jorge,

Thanks for the info, what is the best way to baseline my connection and firewall uitilazation. again thanks in advance for your help

Re: PIX 520 Replacement

There are number of tools out there, pdm has a built-in monitoring tool tab which you can use to monitor pix cpu usage, xlate , regular connections, Ipsec connections etc.. you could setup graphical monitoring and let it run for a week to sort of get you overall pix utilization baseline.

You could also use PRGT to monitor the physical ports ethernet utilization, example would be the inside interface connecting to a switchport , monitor switchport through PRTG. , prtg is not free but they have demo allowing to monitor two or three physical ports free.

Or if you have an internal snmp server you could also configure snmp to pool pix stats




PLS rate any helpful post if it helped

Community Member

Re: PIX 520 Replacement


Thanks for all your help


Re: PIX 520 Replacement

Don't forget about a failover interface since the ASA uses an Ethernet interface not the serial cable..


pls rate if post was helpful..

CreatePlease to create content