12-30-2020 05:20 AM
Hello, Friends! I need your advice.
I use ASA5510 on the edge on network.(I have two offices and two devices)
In plan, I want to update my old devices in next year.
I can add, that I need IPSEC VPN and I need Anyconnect.
So, how I understand, I can buy this models: ASA 5515-X 5512-X. But for both devices support period will end in the 2022.
Is it good idea to buy it? May be you can advice another devices.
Thank you!
Solved! Go to Solution.
12-30-2020 06:16 AM
Because the 7000 series hardware was only ever designed to run NGIPS, it is End of Life (EOL) and does not support the NGFW features. The other newer Firepower does support NGFW features including VPN.
12-30-2020 05:25 AM - edited 12-30-2020 05:27 AM
Well you could look at the new Firepower 1000 series hardware such as the FPR1010. If you just need Firewall and RAVPN VPN then you'd need the base license (included) and RAVPN license (additional cost). The Firepower hardware can run traditional ASA software or newer FTD. If using FTD then it can be managed locally via FDM (no cost) or purchase a license to manage via the cloud using CDO or centrally via FMC (additional cost).
12-30-2020 05:35 AM
Thank you for information.
I need correction about fire power. Because I already have FIRE POWER 7010 in main office. Can I use it for my goals?
For example, use my firepower 7010 and buy 1010 in second officce?
12-30-2020 05:38 AM
sure you can do same for your requirement.
12-30-2020 05:42 AM - edited 12-30-2020 05:46 AM
No, the firepower 7010 is an NGIPS only, it does not support VPN.
You'd need either an ASA or new FPR1K series hardware.
7000 series datasheet for reference:
12-30-2020 05:56 AM
Thank you for all information!
But, I have question. Why FP 7010 does not support ?
I see many "Configuration Examples and TechNotes" for configure VPN for FP.
12-30-2020 06:16 AM
Because the 7000 series hardware was only ever designed to run NGIPS, it is End of Life (EOL) and does not support the NGFW features. The other newer Firepower does support NGFW features including VPN.
12-30-2020 05:26 AM
Cisco ASA 55XX -X model still valid and support Cisco. (if you are in budget concern).
if the budget is not an issue, i would suggest to go to Firepower 1XXX model for Longer support (cisco future model replacing ASA).
https://www.cisco.com/c/en_uk/products/security/firepower-1000-series/index.html
12-30-2020 05:37 AM
The problem is that support is about to expire. But how I understand - it is a big difference in the price between 55XX-X and FP.
12-30-2020 06:23 AM
if i were you, i still go with ASA since no budget, this product still have life of 2 years, you may get better budget next 2 years or price may come to lower level - or @2022 you do not have any option than buy this product at the time of price.
12-30-2020 06:57 AM
Thank your for all your help!
12-31-2020 07:25 PM
Even a small Firepower 1010 has more throughput than as ASA 5510 and it costs less than an ASA 5512-X or 5515-X (even if you can still buy one from third party left over stock since Cisco has officially stopped selling them).
Reference to VPN on an old Firepower 7010 appliance are with respect to the very limited capability it had to establish a VPN to a remote device for management and transmission of security events.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide