Cisco Pix to be Discontinued

S

scottatwittenberg

2[H]4U
Joined
Apr 10, 2002
Messages
3,306
I was talking to your CDW rep today and he mentioned that the PIX is going to be discontinued in July.

We were looking at getting a VPN accelerator card to put into a pix 515 for a client who sometimes has problems with slow VPN connections.

What ASA device would be comparable to a 515, and would it offer and real advantage as far as VPN connectivity goes. Or would even a "lower level" device be able to handle say 10 concurrent vpn connections?

Thanks

Scott
 
You probably could get away with an ASA 5505. I have replaced PIX 515s with ASA 5510 though. It really depends on the load. The processors in the ASA are faster than the PIXs in MHz terms. If you are looking for an equivalent 1U solution, the 5510 is what you are looking for.
 
they said they will support them for many years to come... for 10 concurrent connections i don't think i'd invest to much money
 
How much is the VPN accellerator card? Have you check the PIX to see if the memory or CPU utilization is running high? If so then replacing with an asa5510 would definitely give improved performance. If your resource utilization is not high then I am wondering if your circuit is over-utilized and that is why the performance is bad. What do you have for internets?
 
scottatwittenberg said:
I was talking to your CDW rep today and he mentioned that the PIX is going to be discontinued in July.

We were looking at getting a VPN accelerator card to put into a pix 515 for a client who sometimes has problems with slow VPN connections.

What ASA device would be comparable to a 515, and would it offer and real advantage as far as VPN connectivity goes. Or would even a "lower level" device be able to handle say 10 concurrent vpn connections?

Thanks

Scott
Click to expand...


10 Concurrent connections? An accelerator card sounds un-needed. Have you watched statistics on the box to verify that it really is being overtaxed? I've got constant traffic on an 11 spoke IPSEC network with a 506E as the hub and CPU never spikes over 30% or so. You may have other issues going on..

Ditto Captain C.

Speaking of CDW, does anyone else's Rep bug the ever-living crap outta them? My guy calls me 3 or 4 times a week.:rolleyes:
 
Nate7311 said:
Speaking of CDW, does anyone else's Rep bug the ever-living crap outta them? My guy calls me 3 or 4 times a week.:rolleyes:
Click to expand...

Mine used to, wanting me to drive down to Chicago to tour thier offices, asking how my weekend was etc. But when I got a bunch of vmware quotes from him, and then decided to bundle it with the dell servers i bought, he's only been calling like once every couple months, just to keep in contact. I think I pissed him off, but then again, i think he mistook our relationship for a friendship, when all i really want is the cheapest possible product.
 
My Cisco sales guy (Who I have never actually bought anything from) calls me 2-3 times a week even though I never have any business for him. And he introduces himself every time like I haven't heard it 100 times before. My CDW rep is fairly tame.

As far as the ASA 5505 goes - would this unit be appropriate for a site to site VPN? I'm looking for something relatively simple to connect our two buildings, we have a 1.5Mbps ATM connection between our buildings but since we're moving to a cheaper-but-faster (either Business FIOS or a Comcast Business account) option I'd like to do a VPN between the two buildings to maintain the relatively small amount of cross-building traffic as well as be able to VPN in from the outside for remote access for a handful of users. Would the ASA 5505 work well for this scenario?
 
Goatbert said:
As far as the ASA 5505 goes - would this unit be appropriate for a site to site VPN? I'm looking for something relatively simple to connect our two buildings, we have a 1.5Mbps ATM connection between our buildings but since we're moving to a cheaper-but-faster (either Business FIOS or a Comcast Business account) option I'd like to do a VPN between the two buildings to maintain the relatively small amount of cross-building traffic as well as be able to VPN in from the outside for remote access for a handful of users. Would the ASA 5505 work well for this scenario?
Click to expand...

Yep. The base (10 User) and 50 User models will support up to 10 IPSec tunnels. There is a security plus version that will do 25.
 
Nate7311 said:
Speaking of CDW, does anyone else's Rep bug the ever-living crap outta them? My guy calls me 3 or 4 times a week.:rolleyes:
Click to expand...
We've beaten ours into only calling when we need something from him. He used to bug the shit out of us too, but then we told him we're too busy to listen to sales pitches, and that we'd let him know when we needed something.

He kept calling though, so we started just leaving him on hold. He got the message.
 
Goatbert said:
My Cisco sales guy (Who I have never actually bought anything from) calls me 2-3 times a week even though I never have any business for him. And he introduces himself every time like I haven't heard it 100 times before. My CDW rep is fairly tame.

As far as the ASA 5505 goes - would this unit be appropriate for a site to site VPN? I'm looking for something relatively simple to connect our two buildings, we have a 1.5Mbps ATM connection between our buildings but since we're moving to a cheaper-but-faster (either Business FIOS or a Comcast Business account) option I'd like to do a VPN between the two buildings to maintain the relatively small amount of cross-building traffic as well as be able to VPN in from the outside for remote access for a handful of users. Would the ASA 5505 work well for this scenario?
Click to expand...

the asa5505 would be excellent for what you want to do. Just make sure you will not have ANY more than 10 users behind a 10-user asa. Anything that uses NTP over the internets counts as a user. We have run into this problem a few times. If you are even remotely close to that go buy the 50-user license.
 
Captain Colonoscopy said:
the asa5505 would be excellent for what you want to do. Just make sure you will not have ANY more than 10 users behind a 10-user asa. Anything that uses NTP over the internets counts as a user. We have run into this problem a few times. If you are even remotely close to that go buy the 50-user license.
Click to expand...

Agreed. You are better off buying the 50 or Unlimited to start with and save yourself some trouble. That is the only thing I hate about my ASA5505.

:)
http://www.needmoreboost.com/wes/housepics/newtoy.jpg
 
The 50 user version isn't too much more. I don't ever really use the 10 user version for customers. I pretty much only go with the 50 user version.
 
Goatbert said:
Does the unit itself contain the licensing needed for the VPN client as well?
Click to expand...

Depends. IPSEC, yes. SSL, no. (10 IPSEC connections, 2 web vpn ssl). Make sure you get the BUN-K9 if you want 3DES/AES. The K8 only gives you DES.
 
One HUGE advantage of an ASA for VPN, you can connect through a web browser, no Cisco VPN software required. :) (Makes it nice for Windows 64-bit users, like myself.)
 
Traze said:
One HUGE advantage of an ASA for VPN, you can connect through a web browser, no Cisco VPN software required. :) (Makes it nice for Windows 64-bit users, like myself.)
Click to expand...

You can also use the Windows built-in VPN client to connect to an ASA, so there are options for 64bit users. Though Cisco so far isn't planning on support x64 with the traditional VPN client.
 
MorfiusX said:
You can also use the Windows built-in VPN client to connect to an ASA, so there are options for 64bit users. Though Cisco so far isn't planning on support x64 with the traditional VPN client.
Click to expand...

Ya, Cisco is usually good about this stuff, but I guess the ASAs are for people like me, that have to upgrade to one to get VPN working. :)
 
You must log in or register to reply here.
Back
Top