04-27-2012 02:07 AM
Hi,
we are using a Concentrator 3030 for Site to Site connection only. Now we heard roomors about Security issues. Is it a risk to use this device?
Thank you for Answering!
Gr Leif
Here‘s the Version:
VPN Concentrator Type: 3030
Serial Number:
Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.P Jul 30 2008 15:10:24
Solved! Go to Solution.
04-27-2012 02:26 AM
Consider that VPN concentrator will be end of life in August:
and that last time software was updated in 2008.
I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.
For details as usual go to PSIRT page.
04-27-2012 05:54 AM
Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.
ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
ASA 5540 is you want to go that way:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b
If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.
M.
04-27-2012 02:26 AM
Consider that VPN concentrator will be end of life in August:
and that last time software was updated in 2008.
I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.
For details as usual go to PSIRT page.
04-27-2012 02:46 AM
Hi,
Thanks for the fast response.
you are right, it’s not a new Product
SSL and TLS is disabled in our Config, only Lan to Lan is used.
Gr
Leif
04-27-2012 05:10 AM
Hello Leif,
End of August the product will be obsolete.
U should consider migrating from VPN3000 to Cisco ISR's
Cheers,
04-27-2012 05:37 AM
Hi Olpeleri,
thx,
yea hard for me to realize this, what would be an adequate successor for up to 1000 Site to Site Connections with very low traffic?
04-27-2012 05:54 AM
Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.
ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
ASA 5540 is you want to go that way:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b
If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.
M.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: