We are currently switching over to an MPLS network and don't trust the Service Provider to have a secure core. I've been looking at the GETVPN for encrypting all our traffic between our branches and headquarters. We are thinking about having ASA5505 at all our branches to do the encrypting but from what I've read that a firewall would not be a smart idea. Also I was looking at having our firewall at our main office to be the Key Server, but can't find to much on how to set it up. So I guess my question is will it be smart to use a ASA5505 for our Group Member (GM) at our branches and a ASA5510 for our Key Server (KS) at our main office and backup location or should we go with a 1921 with a security license at the branches and 2801 or 2811 as our KS at the main office and backup location.
The ASA does not support GETVPN at this time so you'll only be able to use routers at this point in time. The key server resources isn't much so you can go with a smaller platform. If you're using 1921's at the edge then I would suggest a pair (for redundancy) of 1921's as Key Servers.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...