We have an opportunity to replace a competitor's router with a Cisco Security Appliance. I have a few questions about the SA540. I am on the edge between recommending an SA540 or an ASA5505/5510. I will try to address my SA questions in this forum and find the appropriate forum for the ASA questions.
The customer has approx 15-20 users, but there are very high security availability requirements. Single site, with users accessing the network remotely. The customer uses Dual WAN and is requesting Active/Active WAN connectivity.
1. According to the Datasheet, it supports Load Balancing and Failover (via the optional port for dual WAN). Is the optional support an added feature? Am I to understand that it will concurrently use both WAN services?
2. Is there any support for having two SA540s in Active/Standby? So, should there be a hardware failure, it would fail over the SA automatically, transparent to the end users? That may not be a deal breaker, as the customer is saying that buying a spare to have on hand and a manual reconnect may be acceptable. But, I am trying to present value.
3. I see on this device that we have SSL VPNs available. I am trying to determine what level of VPNs are available on this appliance. On the ASA you have three different options of SSL VPNs: Client, Thin Client, and Clientless. Are all three available on this appliance?
This question assumes the active/active dual WAN.
4. Their current device has an issue and I'd like to be able to say that we aren't going to have the issue on this device. The issue is that a user authenticates with a website, then (while using it) the router switches them to the other WAN service, so they have to reauthenticate. So, how do I go about addressing that? Are there any quantifiable metrics that I can use to address that?
For example, I would like to tell the customer that once an internal IP requested internet, that internal IP will continue to use the same WAN service until there is a 5 minute period of inactivity. That's just an example. I don't know if it does that or if that level of information is available. Or maybe it uses some other method of determining where to send a packet.
5. I don't see any support for authenticating VPN users via LDAP?
6. The Datasheet says that it supports 16 VLANs. Does this mean that we can do 2 WAN connections, a DMZ, and 13 internal subnets/VLANs, provided we don't exceed 16 total VLANs?
7. Is there any support for IP Phone proxy? This feature on the ASA allows you to connect your phone anywhere with internet connectivity and it finds the ASA and uses the ASA to proxy to an internal call manager.
1. The Optional port can be configured as a WAN port, a LAN port, or a DMZ port. When configured as WAN, it can be configured to do load balancing or failover. It can use both WAN ports at the same time. You can bind different types of traffic to use each port if you would like as well.
2. Currently, there is no hardware failover. It would be a manual unplug, plug in the new box.
3. The SSLVPN comes in 2 modes. Full tunnel and port forwarding tunnel.
4. I haven't tried this exactly, but you can bind traffic to use a particular port. You could force all https: traffic to use the WAN and ftp traffic to use the optional port.
5. There is support for it for SSLVPN users. For VPN users, you can use a radius server for authentication.
6. 16 local VLANs. DMZ and WAN are separate.
7. Currently we do not have an IP Phone Proxy for this system. It would require a hardware client on the side of the end user.