Solved: Re: Upgrade ASA5510 to modern device

n.avramenko87 · ‎12-30-2020

Hello, Friends! I need your advice.
I use ASA5510 on the edge on network.(I have two offices and two devices)
In plan, I want to update my old devices in next year.
I can add, that I need IPSEC VPN and I need Anyconnect.
So, how I understand, I can buy this models: ASA 5515-X 5512-X. But for both devices support period will end in the 2022.
Is it good idea to buy it? May be you can advice another devices.

Thank you!

Rob Ingram · ‎12-30-2020

Because the 7000 series hardware was only ever designed to run NGIPS, it is End of Life (EOL) and does not support the NGFW features. The other newer Firepower does support NGFW features including VPN.

View solution in original post

Rob Ingram · ‎12-30-2020

Hi @n.avramenko87

Well you could look at the new Firepower 1000 series hardware such as the FPR1010. If you just need Firewall and RAVPN VPN then you'd need the base license (included) and RAVPN license (additional cost). The Firepower hardware can run traditional ASA software or newer FTD. If using FTD then it can be managed locally via FDM (no cost) or purchase a license to manage via the cloud using CDO or centrally via FMC (additional cost).

n.avramenko87 · ‎12-30-2020

Thank you for information.

I need correction about fire power. Because I already have FIRE POWER 7010 in main office. Can I use it for my goals?

For example, use my firepower 7010 and buy 1010 in second officce?

balaji.bandi · ‎12-30-2020

sure you can do same for your requirement.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎12-30-2020

@n.avramenko87

No, the firepower 7010 is an NGIPS only, it does not support VPN.

You'd need either an ASA or new FPR1K series hardware.

7000 series datasheet for reference:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-7000-series-appliances/datasheet-c78-732954.html

n.avramenko87 · ‎12-30-2020

Thank you for all information!

But, I have question. Why FP 7010 does not support ?

I see many "Configuration Examples and TechNotes" for configure VPN for FP.

Rob Ingram · ‎12-30-2020

Because the 7000 series hardware was only ever designed to run NGIPS, it is End of Life (EOL) and does not support the NGFW features. The other newer Firepower does support NGFW features including VPN.

balaji.bandi · ‎12-30-2020

Cisco ASA 55XX -X model still valid and support Cisco. (if you are in budget concern).

if the budget is not an issue, i would suggest to go to Firepower 1XXX model for Longer support (cisco future model replacing ASA).

https://www.cisco.com/c/en_uk/products/security/firepower-1000-series/index.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

n.avramenko87 · ‎12-30-2020

The problem is that support is about to expire. But how I understand - it is a big difference in the price between 55XX-X and FP.

balaji.bandi · ‎12-30-2020

if i were you, i still go with ASA since no budget, this product still have life of 2 years, you may get better budget next 2 years or price may come to lower level - or @2022 you do not have any option than buy this product at the time of price.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

n.avramenko87 · ‎12-30-2020

Thank your for all your help!

Marvin Rhoads · ‎12-31-2020

Even a small Firepower 1010 has more throughput than as ASA 5510 and it costs less than an ASA 5512-X or 5515-X (even if you can still buy one from third party left over stock since Cisco has officially stopped selling them).

Reference to VPN on an old Firepower 7010 appliance are with respect to the very limited capability it had to establish a VPN to a remote device for management and transmission of security events.