We are upgrading our networking devices. We have a 175-employee company; 2612 perimeter router with access list performing firewall functions; 6 branch offices that use PIX 501 (5) and ASA 5505 (1) to VPN to main office PIX 506e.
We plan to upgrade to a 2800 router. 1. Would the 2800 perimeter router be able to do its routing functions as well as VPN functions? 2. Would an ASA5510 replacement for the 506e be able to do VPN functions and firewall functions? 3. Any suggestions for a NAC device? Any suggestions for a network monitoring tool?
1) A 2800 series router could do the firewalling + VPN termination + routing if that is what you want, although I appreciate you may not want it to do all functions and it may well make sense to have a separate firewall. Only you can really make that decision.
IPSEC is done in hardware and if you need even more IPSEC throughput you can purchase an AIM for it.
Attached is the data sheet for the 2800 series router. Be aware that for IPSEC and/or firewalling you will need to make sure you order the right IOS with it.
2) Yes, an ASA5510 is a more than adequate replacement for a PIX 506. Bear in mind that the config will be different because your ASA will be running v7.x code and not v6.x, which is probably what's on your 506e.
3) Not sure what you mean by this. Cisco do a standalone NAC device and NAC integrated with 802.1x on the switches.
Network monitoring tool - we use CiscoWorks but this might be overkill for you. Main issue is with monitoring PIX firewalls - ASDM is only one firewall at a time. Cisco do the Cisco Security Manager software for managing multiple devices but it isn't cheap.
Alternatively you could look for free software for SNMP and syslog messages - there are quite a few out there.