Our central office has a VPN 3005 and a PIX 515. The VPN 3005 is the hub for 7 branch offices/spokes - each of which has a PIX 506e. The PIX 515 serves as the firewall for the cental office.
From what I can tell, the ASA devices don't suffer the same routing limitations that the PIXs did. It looks like the ASA will route traffic back out on the same interface that it came in on - for VPN purposes (I don't want a meshed VPN - all VPN traffic should travel through the hub). Would the ASA 5510 give me the capabilities of both older devices wrapped into one single new device?
Yes, I'm well aware of the limitations of the v6.x software. My 515 won't support v7.x without hardware upgrades, which is why I was asking about the ASA. If I get an ASA 5510 as a replacement for my PIX 515, would it also eliminate my need for the separate VPN 3005 concentrator? I'm thinking the ASA will serve both functions...
This is the same scenario that I am purchasing the 5510 for. I am replacing a 515 and a 3005 with this one device (with the security bundle to enable the extra ports). If you have implemented and run into issues, please post.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...