Cisco Support Community
New Member

upgrading hardware

Hi,

We are upgrading our networking devices. We have a 175-employee company; a 2612 perimeter router with an access list performing firewall functions; and 6 branch offices that use PIX 501 (5) and ASA 5505 (1) to VPN to the main office PIX 506e.

We plan to upgrade to a 2800 router.

1. Would the 2800 perimeter router be able to do its routing functions as well as VPN functions?
2. Would an ASA5510 replacement for the 506e be able to do VPN functions and firewall functions?
3. Any suggestions for a NAC device? Any suggestions for a network monitoring tool?

Thanks

1 REPLY
Hall of Fame Super Blue

Re: upgrading hardware

Hi

1) A 2800 series router could do the firewalling + VPN termination + routing if that is what you want, although I appreciate you may not want it to do all functions and it may well make sense to have a separate firewall. Only you can really make that decision.

IPSEC is done in hardware and if you need even more IPSEC throughput you can purchase an AIM for it.

Attached is the data sheet for the 2800 series router. Be aware that for IPSEC and/or firewalling you will need to make sure you order the right IOS with it.

http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bd6.shtml

2) Yes, an ASA5510 is a more than adequate replacement for a PIX 506. Bear in mind that the config will be different because your ASA will be running v7.x code and not v6.x, which is probably what's on your 506e.

3) Not sure what you mean by this. Cisco do a standalone NAC device and NAC integrated with 802.1x on the switches.

Network monitoring tool - we use CiscoWorks but this might be overkill for you. Main issue is with monitoring PIX firewalls - ASDM is only one firewall at a time. Cisco do the Cisco Security Manager software for managing multiple devices but it isn't cheap.

Alternatively you could look for free software for SNMP and syslog messages - there are quite a few out there.

HTH

Jon
