01-15-2019 02:07 PM - edited 02-21-2020 08:40 AM
I have a Cisco ASA 5510 that we are looking to replace. We would like to replace it with another Cisco appliance.
My Question is 2 parts.
Part 1 I am not extremely familiar with the Cisco line of products. The main requirements are VPN and we have 2 internet circuits used for failover only not load balancing. What current appliance would be a suitable replacement to fit those requirements?
Part 2 Going back to not knowing too much about Cisco firewalls. Can a config file be saved from this ASA 5510 and then be dropped into a new device? Allowing it to apply all the current configuration of the old device. I know this device is really old and I would have a really hard time re-building all the port forwards, routing rules, etc.
Any help that anyone can suggest is appreciated.
Thanks..
01-15-2019 02:18 PM - edited 01-15-2019 02:23 PM
Hi,
You could go with an ASA 5515-X, it depends on your throughput requirements etc. The lower models (5506-X and 5512-X) don't support the latest FTD code 6.3, so you may not wish to purchase that model if you wished to run the FTD image. The FTD image supports the latest NGFW features.
Instead of using the FTD image you could run the traditional ASA image that you are familiar with. If on your ASA 5510 you are running ASA pre v8.3 then the newer code changes the configuration of ACL and NAT, so you might need to amend the configuration.
Reference links, which may be helpful if your current ASA is running ASA v8.2 or lower:-
HTH
01-15-2019 02:27 PM
Forgive me but I don't know what FTD code or NGFW features are. Cisco is very new to me and I'm trying to learn my way through this.
The ASA version is 7.2(1)
The main ISP circuit is about 100 Mbps up and down.
01-15-2019 02:35 PM
NGFW features include Application Visibility Control, SSL Decryption, Anti-Malware, URL Filtering etc. Datasheet here
Datasheet for ASA models here. If you are just planning to terminate VPNs, then running the legacy ASA code might suffice. If you ran the FTD code this might be a learning curve, however the FTD code is the future.
HTH
01-15-2019 06:49 PM
01-15-2019 07:07 PM
Would either the 5508 or 5515-x be able to push 100 Mbps up and down?
Also the GUI for managing the device is something I would need. Currently there is an application that we run on one of our servers that looks to run in Java. Firepower Management Center sounds like what we need as we do use RADIUS for VPN authentication.
01-15-2019 07:15 PM