Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
10
Helpful
5
Replies

PIX 520 Replacement

nyousif
Level 1
Level 1

‎05-26-2008 10:59 AM - edited ‎03-11-2019 05:50 AM

Hi there,

I have PIX 520 that I want to replace, I assume the new replacement is ASA. My question is which model. I use the PIX simply as a firewall. I do not want to under-engieenr the solution. So I will probably will require min three interfaces inside, outside and DMZ.

Thanks in advance for your help.

Labels:
0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎05-26-2008 05:05 PM

Nabeel,

Bellow pdf provides migration guide from PIX 500 series to ASA5500 series.

PIX520 equivalent upgrade to asa is asa5520 but from what you have indicated needing only inside,outside and DMZ you probably are looking at the ASA5510, you still need to conduct thourough assesment and baseline of your currently PIX520 such Ipsec vpns tunnels currentl utilization if any, look at bellow comparison table and total ASA firewall Mbps throughput.

PIX/ASA upgrade path chart

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd8053258b.pdf

Lastly you may want to check models performance throughput.

ASA comparison chart

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

HTH

-Jorge

Jorge Rodriguez
0 Helpful

nyousif
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎05-26-2008 07:59 PM

Hi Jorge,

Thanks for the info, what is the best way to baseline my connection and firewall uitilazation. again thanks in advance for your help

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to nyousif

‎05-26-2008 09:39 PM

There are number of tools out there, pdm has a built-in monitoring tool tab which you can use to monitor pix cpu usage, xlate , regular connections, Ipsec connections etc.. you could setup graphical monitoring and let it run for a week to sort of get you overall pix utilization baseline.

You could also use PRGT to monitor the physical ports ethernet utilization, example would be the inside interface connecting to a switchport , monitor switchport through PRTG.

http://www.paessler.com/ , prtg is not free but they have demo allowing to monitor two or three physical ports free.

Or if you have an internal snmp server you could also configure snmp to pool pix stats http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml#intro

HTH

Rgds

-Jorge

PLS rate any helpful post if it helped

Jorge Rodriguez

nyousif
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎05-27-2008 05:49 AM

Jorge,

Thanks for all your help

0 Helpful

tj.mitchell
Level 4
Level 4
In response to nyousif

‎05-27-2008 12:53 PM

Don't forget about a failover interface since the ASA uses an Ethernet interface not the serial cable..

TJM

pls rate if post was helpful..

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card