Re: Requirement azure cisco asa5505

adgarph66 · ‎11-21-2019

Hi, we need to move our network environment on the cloud.

The reason is that we have all our servers and sql servers on OS Windows server 2008 R2.

Since Microsoft end of support is january 2020, they agree to support us for a couple of years after the end if we move our environment on Azure.

We have a couple of ASA5505 devices.

Our primary research suggest that these devices may not be suitable to do VPN Tunneling with Azure.

CF: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-3rdparty-device-config-cisco-asa

ASA device support
Support for IKEv2 requires ASA version 8.4 and later.

Support for DH Group and PFS Group beyond Group 5 requires ASA version 9.x.

Support for IPsec Encryption with AES-GCM and IPsec Integrity with SHA-256, SHA-384, or SHA-512, requires ASA version 9.x.
This support requirement applies to newer ASA devices. At the time of publication, ASA models 5505, 5510, 5520, 5540, 5550, and 5580
do not support these algorithms. Consult your VPN device specifications to verify the algorithms that are supported for your VPN device models and firmware versions.

Can someone tell me if the ASA5505 will allow us to do the job or do we need to purchase newer devices. If so, what model do you suggest.

Thanks

balaji.bandi · ‎11-21-2019

see here good explanation of what model to buy depends on your requirement ( route-based or policy-based )

https://www.petenetlive.com/KB/Article/0001166

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bishop17337 · ‎02-14-2020

In this post we are going to link an Azure Virtual Network to on an premise network via a Cisco ASA talktowendys.