Need recommendations for firewall and vpn replacement
We've got a pair of PIX 525s in active/standby mode, plus a pair of VPN 3005 concentrators (one active, one redundant using VRRP) for IPSec VPN connections (both LAN-to-LAN and Remote Access, 3DES). I'm trying to generate a proposal to replace all 4 devices with more current equipment.
From Cisco's website, it looks like the ASA 5520 is the recommended replacement for the PIX 525 and there's an SSL/IPSec VPN Edition recommended for replacing the 3005s. The SSL/IPSec VPN edition seems to be a fair bit more expensive than the other version... Can just a pair of ASA 5520s handle the job of what we're using now, or do we really need the more expensive version?
Also, I've seen mention of a Technology Migration Plan from Cisco. Would this apply here, or is it even still available?
Re: Need recommendations for firewall and vpn replacement
The ASA-5520 will support up to 450Mbps firewall throughput, 225Mbps VPN throughput while supporting up to a maximum of 750 concurrent IPSec/SSL VPN connections (with relevant SSL licenses). Ultimately a pair of these should be able to handle the role of the PIX-525 and VPN-3005 combined without an issue; however, you really need to base this decision on whether they will support your future needs too.
Do the above figures meet your needs? If not, the ASA-5540 will give you more, with 650Mbps firewall throughput, 325Mbps VPN throughput and support for up to 5000 IPSec VPNs or 2500 SSL VPNs (with relevant SSL licenses).
The cost difference with SSL/IPSec edition is due to the SSL VPN licenses which are an additional cost. If you plan to continue to use the IPSec VPN clients then stay with the firewall edition. You can add SSL VPN licenses to the firewall edition at a later date if you wish.
In terms of the TMP you would need to check with your Cisco reseller/Cisco account manager.