Need recommendation on firewall and vpn replacement

We've got a pair of PIX 525s in active/standby mode, plus a pair of VPN 3005 concentrators (one active, one redundant using vrrp) for IPSec VPN connections (both LAN-to-LAN and Remote Access, 3DES). I'm trying to generate a proposal to replace all 4 devices with more current equipment.

From Cisco's website, it looks like the ASA 5520 is the recommended replacement for the PIX 525 and there's an SSL/IPSec VPN Edition recommended for replacing the 3005s. The SSL/IPSec VPN edition seems to be a fair bit more expensive than the other version... Can just the a pair of ASA 5520s handle the job of what we're using now, or do we really need the more expensive version?

Also, I've seen mention of a Technology Migration Plan from Cisco. Would this apply here, or is it even still evailable?

Thanks!

--Steve

Reply to
pfisterfarm
Loading thread data ...

Cisco pretty much is leaving basic IPsec VPN client behind. It does not support 64-bit WinXP or 64-bit Vista, and most likely never will. Without the SSL VPN edition of the ASA, you can't support these OSs. Their new VPN client, the AnyConnect VPN requires SSL VPN support on the ASA, and does support 64-bit windows OSes, and is what Cisco will be moving forward on.

So, depends on what you want to support in the future really.

Dunno.

Reply to
Doug McIntyre

So, if we weren't concerned about supporting 64-bit OSes, the cheaper one would probably work, otherwise we'd need the more expensive one, correct?

Thanks!

Reply to
pfisterfarm

pfisterfarm schrieb:

There is a client from NCP

formatting link
that supports IPSEC VPN on 64bit OS. So you could use that one. I think the SSL edition comes bundled with SSL-VPN licenses so that it would be cheaper to buy it with if you plan on using SSL-VPN. You can however upgrade the license later if you wish to.

Jens

Reply to
Jens Haase

You are right! IPSec VPN is free for base ASA

formatting link
A pair of base (cheaper) ASA 5520 will do both jobs of your old VPN

3005 and PIX 525.

Cheers!

Reply to
Li-Ji

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.