I have a Nortel VPN solution but I am going to an ASA solution. I am looking for feedback as to things that have worked and things that have not. I am just starting design so I am open to anything and look forward to your comments.
With PIX/ASA version 7.0 and later, a new feature is introduced that allows the PIX to support hairpinning in a VPN environment.
When the PIX/ASA is the hub in a VPN environment, this feature supports spoke-to-spoke VPN communications as it provides the ability for encrypted traffic to enter and leave the same interface. If the traffic is unencrypted, it is dropped. There is another new feature in PIX version 7.0 that allows traffic to flow between two interfaces of the PIX that have the same security level.
You can get more information regarding ASA 5520 from this link
We are in the process of migrating from a Nortel Contivity 2700 series to two 5520 ASAs.
In the process, we decided to move from IPSEC to SSL VPN.
- Make sure that you are on at least 8.0.3(9) version. It fixes a lot of issues with the SSL VPN.
- There are some routing things that could be done on the Nortel that cannot be done on the ASA. It's not a dealbreaker, but it has to do with the fundamental design of the ASA (as a security device) vs Contivity (Router + Security device).
- In SSL VPN mode, make sure to test all your apps with the default DTLS option. We ended up running into problems with our Outlook clients and SAP GUI clients. Disabling DTLS sped up performance tremendously.