Advice on upgrading from ASA 5510 standalone

marioderosa2008 · ‎05-02-2014

Hi all,

I would like some advice on the best upgrade path for our current site-to-site vpn solution. Currently we only have a single ASA 5510 which is solely used to terminate Site-to-Site VPNs.

The ASA is around 5 years old and running code 7.2 (3), it has 256MB Flash and 256MB RAM.

I have looked at the interface useage and it rarely peaks over 2mbps throughput. Because of this I do not believe that I need to go higher spec than a 5510.

Is it possible to mix and match Cisco ASA model numbers in an Active/Standby HA setup?

Do you know whether my existing ASA will be able to run the latest code, or will I need a memory and flash upgrade?

Are 5510's going to be around for a while now that the new "X" range of ASA's are out?

Thanks

Mario De Rosa

kevin_giusti · ‎05-02-2014

You cannot mix and match ASA models in a HA pair.

Your 5510 will require 1Gb of RAM to run any code later than 8.3.

The latest you can go on a 5510 is 9.1.5 while the current version is 9.2.1.

The 5510s are end of life you should look at getting a X series ASA.

marioderosa2008 · ‎05-07-2014

Many Thanks!

Marvin Rhoads · ‎05-02-2014

Seconding what Kevin said. Here is the End-of-Sale and End-of-Life Announcement for the Cisco ASA 5510. 9.2 and later will not be developed for any of the end-of-sales devices.

If you consider replacing it, the 5512-X is the new entry model (excluding the 5505). If you think you are going to put in an HA pair, you're better advised to go to the 5515-X as the price is roughly equivalent when you take into account you need to add the Security Plus license on the 5512-X to enable failover.

You also have the option with the X series of adding the SSD and licensing the NGFW features like AVC, WSE and IPS to give you full web filtering and application visibility etc.

marioderosa2008 · ‎05-07-2014

Many Thanks!