Need recommendation on firewall and vpn replacement

Discussion in 'Cisco' started by pfisterfarm, May 1, 2009.

  1. pfisterfarm

    pfisterfarm Guest

    We've got a pair of PIX 525s in active/standby mode, plus a pair of
    VPN 3005 concentrators (one active, one redundant using vrrp) for
    IPSec VPN connections (both LAN-to-LAN and Remote Access, 3DES). I'm
    trying to generate a proposal to replace all 4 devices with more
    current equipment.

    From Cisco's website, it looks like the ASA 5520 is the recommended
    replacement for the PIX 525 and there's an SSL/IPSec VPN Edition
    recommended for replacing the 3005s. The SSL/IPSec VPN edition seems
    to be a fair bit more expensive than the other version... Can just the
    a pair of ASA 5520s handle the job of what we're using now, or do we
    really need the more expensive version?

    Also, I've seen mention of a Technology Migration Plan from Cisco.
    Would this apply here, or is it even still evailable?


    pfisterfarm, May 1, 2009
    1. Advertisements

  2. Cisco pretty much is leaving basic IPsec VPN client behind. It does
    not support 64-bit WinXP or 64-bit Vista, and most likely never will.
    Without the SSL VPN edition of the ASA, you can't support these OSs.
    Their new VPN client, the AnyConnect VPN requires SSL VPN support on
    the ASA, and does support 64-bit windows OSes, and is what Cisco will
    be moving forward on.

    So, depends on what you want to support in the future really.

    Doug McIntyre, May 1, 2009
    1. Advertisements

  3. pfisterfarm

    pfisterfarm Guest

    So, if we weren't concerned about supporting 64-bit OSes, the cheaper
    one would probably work, otherwise we'd need the more expensive one,

    pfisterfarm, May 1, 2009
  4. pfisterfarm

    Jens Haase Guest

    There is a client from NCP that supports
    IPSEC VPN on 64bit OS. So you could use that one.
    I think the SSL edition comes bundled with SSL-VPN licenses so that it
    would be cheaper to buy it with if you plan on using SSL-VPN. You can
    however upgrade the license later if you wish to.

    Jens Haase, May 2, 2009
  5. pfisterfarm

    Li-Ji Guest

    You are right! IPSec VPN is free for base ASA (

    A pair of base (cheaper) ASA 5520 will do both jobs of your old VPN
    3005 and PIX 525.

    Li-Ji, May 9, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.