cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
731
Views
10
Helpful
5
Replies

PIX 520 Replacement

nyousif
Level 1
Level 1

Hi there,

I have PIX 520 that I want to replace, I assume the new replacement is ASA. My question is which model. I use the PIX simply as a firewall. I do not want to under-engieenr the solution. So I will probably will require min three interfaces inside, outside and DMZ.

Thanks in advance for your help.

5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

Nabeel,

Bellow pdf provides migration guide from PIX 500 series to ASA5500 series.

PIX520 equivalent upgrade to asa is asa5520 but from what you have indicated needing only inside,outside and DMZ you probably are looking at the ASA5510, you still need to conduct thourough assesment and baseline of your currently PIX520 such Ipsec vpns tunnels currentl utilization if any, look at bellow comparison table and total ASA firewall Mbps throughput.

PIX/ASA upgrade path chart

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd8053258b.pdf

Lastly you may want to check models performance throughput.

ASA comparison chart

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

HTH

-Jorge

Jorge Rodriguez

Hi Jorge,

Thanks for the info, what is the best way to baseline my connection and firewall uitilazation. again thanks in advance for your help

There are number of tools out there, pdm has a built-in monitoring tool tab which you can use to monitor pix cpu usage, xlate , regular connections, Ipsec connections etc.. you could setup graphical monitoring and let it run for a week to sort of get you overall pix utilization baseline.

You could also use PRGT to monitor the physical ports ethernet utilization, example would be the inside interface connecting to a switchport , monitor switchport through PRTG.

http://www.paessler.com/ , prtg is not free but they have demo allowing to monitor two or three physical ports free.

Or if you have an internal snmp server you could also configure snmp to pool pix stats http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml#intro

HTH

Rgds

-Jorge

PLS rate any helpful post if it helped

Jorge Rodriguez

Jorge,

Thanks for all your help

Don't forget about a failover interface since the ASA uses an Ethernet interface not the serial cable..

TJM

pls rate if post was helpful..

Review Cisco Networking for a $25 gift card