Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1230
Views
5
Helpful
5
Replies

Concentrator 3030 unsecure ?

Go to solution
Leif Hansen
Level 1
Level 1

‎04-27-2012 02:07 AM

Hi,
we are using a Concentrator 3030 for Site to Site connection only. Now we heard roomors about Security issues. Is it a risk to use this device?
Thank you for Answering!
Gr Leif

Here‘s the Version:


VPN Concentrator Type: 3030
Serial Number:
Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.P Jul 30 2008 15:10:24

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎04-27-2012 02:26 AM

Consider that VPN concentrator will be end of life in August:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/prod_end-of-life_notice0900aecd805cd5a0.html

and that last time software was updated in 2008.

I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.

For details as usual go to PSIRT page.

View solution in original post

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Leif Hansen

‎04-27-2012 05:54 AM

Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.

ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

ASA 5540 is you want to go that way:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b

If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.

M.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎04-27-2012 02:26 AM

Consider that VPN concentrator will be end of life in August:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/prod_end-of-life_notice0900aecd805cd5a0.html

and that last time software was updated in 2008.

I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.

For details as usual go to PSIRT page.

Go to solution
Leif Hansen
Level 1
Level 1
In response to Marcin Latosiewicz

‎04-27-2012 02:46 AM

Hi,

Thanks for the fast response.

you are right, it’s not a new Product

SSL and TLS is disabled in our Config, only Lan to Lan is used.

Gr

Leif

0 Helpful

Go to solution
olpeleri
Cisco Employee
Cisco Employee
In response to Leif Hansen

‎04-27-2012 05:10 AM

Hello Leif,

End of August the product will be obsolete.

U should consider migrating from VPN3000 to Cisco ISR's

Cheers,

0 Helpful

Go to solution
Leif Hansen
Level 1
Level 1
In response to olpeleri

‎04-27-2012 05:37 AM

Hi Olpeleri,

thx,

yea hard for me to realize this, what would be an adequate successor for up to 1000 Site to Site Connections with very low traffic?

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Leif Hansen

‎04-27-2012 05:54 AM

Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.

ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

ASA 5540 is you want to go that way:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b

If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.

M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents