I wonder if someone out there can give me a hint as what's the best way to archieve what I need to do. Currently, I have two PIX515E (failover) as firewall and using PIX IPSEC VPN for remote access.
I am now in the process to procure a "complete" (what is complete in a fast changing world?) solution to include:
(3) Content Filtering (Spam,Virus,etc)
(4) Secure VPN connections regardless what devices (managed or unmanaged).
I have been looking at ASA 5520 (possible for future failover implementation) and kind of confuse by all these different modules, Hence the questions:
(1) Is there anyway to still utilize my existing PIX515E if I go with ASA?
(2) Does the VPN functionality include WebVPN? Or I have to purchase the SSL VPN licenses in order to use WebVPN?
(3) Shoudl I go with CSC-SSM instead of AIP? SOunded like CSC-SSM is for spam,virus,etc and AIP is for IPS and cannot be used at the same time. What if one does want to have both?
This whole project comes up simply because of remote VPN. We have users using Cisco VPn client to connect to the network and I would like to be sure that our network will not be infected because of these lightly protected client machines connecting to the network via the VPN.
hi there . the asa is as good as the pix.but for some speicifc features the asa is good thn the pix. it has the content security card and the intrusion prevention card in the box itself ofcourse u need to buy them. plus the pix doesn't support for webvpn. for remote access vpns can have load balancing between the 2 asa boxes. if u are more worried abt virus and worms then i would suggest go for the CSC-SSM module. now many more features wilbe brought in the asa but i doubt they will upgrade that in pix also cause then it would affect their asa sales. might in a years time they might bring the pix to end of sale. can't be sure of that . hope this helps.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :