06-17-2008 11:01 AM - edited 02-21-2020 02:04 AM
My company has three PIX 506e which do a site-to-site VPN. It works great. We are looking at replacing one of the PIX, due to a bad fan. Whereas PIX is EOL soon, we are looking at the ASA 5500 series. Which one will work will our current setup?
Some more details:
PIX Version: 6.3(4)
PDM Version: 3.0(3)
Total memory: 32MB
Total flash: 8MB
Licensed features: 3DES-AES
Unlimited inside hosts
Unlimited IKE peers
Max physical interfaces: 2
Max interfaces: 2
I can respond with more information if needed. Thanks for any responses.
06-17-2008 11:16 AM
Willie
Yes you could replace the 506 with an ASA device. Have a look at the ASA model comparison sheet - an ASA 5505 would do for you but you may want to consider a higher spec device.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
One thing to be aware of is that the ASA devices do not support v6.x, they only support v7 or v8 so the configuration will be somewhat different. There are a lot of good configuration docs on Cisco website though.
Jon
06-17-2008 11:55 AM
Thank you for your response, Jon.
What is the best way to upgrade our current PIX devices to v7 or v8? We don't have a current support plan through Cisco or a vendor, but I imagine that we would need to purchase one to do that.
Would that be recommended? Or would we be paying just as much to get the service plan as buying new devices?
06-18-2008 01:34 PM
Willie,
You still have time to plan migration to ASA, best bet is to run all these question through a cisco partnet sales rep to provide you with all the obtions there is for support plans.
For reference, to obatin Software support for example you do need smartnet services, not only you get software updates but also TAC support and/or unit replacement in event of hardware failure.
Go to partner locator page to locate partner
http://www.cisco.com/web/partners/index.html
You can go through the list of PIX models for EOL/EOS dates, sort of gives you an idea of deadlines to better plan your migration.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html
EoS/EOL for the PIX 506E
Rgds
-Jorge
06-18-2008 02:49 PM
Willie
One other point. Pix 506E devices cannot be upgraded to v7.x or v8.x. The minimum Pix firewall that can be upgraded is Pix 515E so if you want to go to v7.x you will need to replace your 506E's.
As Jorge mentioned you could look to trade in.
Jon
06-18-2008 01:55 PM
Thank you both for your replies. Do either of you know how I mark a conversation resolved?
06-18-2008 02:30 PM
At right hand lower corner of each thread in this conversation is a text rate this post, you may click there and rate..
Also I forgot to post another link, cisco has a trade in program , it does not hurt to ask about it , it may help in the cost when upgrading.
http://www.cisco.com/warp/public/779/largeent/purchase/trade_in.shtml
Rgds
-Jorge
06-18-2008 06:47 PM
This is the direct link to the PIX >> ASA trade-in, but I hope it is valid in your case (if the PIX is functional):
Once you decide to upgrade, keep this link handy (even tough it might not be that useful for a PIX 506):
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide