04-27-2012 02:07 AM
Hi,
we are using a Concentrator 3030 for Site to Site connection only. Now we heard roomors about Security issues. Is it a risk to use this device?
Thank you for Answering!
Gr Leif
Here‘s the Version:
VPN Concentrator Type: 3030
Serial Number:
Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.P Jul 30 2008 15:10:24
Solved! Go to Solution.
04-27-2012 02:26 AM
Consider that VPN concentrator will be end of life in August:
and that last time software was updated in 2008.
I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.
For details as usual go to PSIRT page.
04-27-2012 05:54 AM
Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.
ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
ASA 5540 is you want to go that way:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b
If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.
M.
04-27-2012 02:26 AM
Consider that VPN concentrator will be end of life in August:
and that last time software was updated in 2008.
I think it's fair to say some of the vulnurabilites (especially around SSL and TLS) could have affected VPN3k too.
For details as usual go to PSIRT page.
04-27-2012 02:46 AM
Hi,
Thanks for the fast response.
you are right, it’s not a new Product
SSL and TLS is disabled in our Config, only Lan to Lan is used.
Gr
Leif
04-27-2012 05:10 AM
Hello Leif,
End of August the product will be obsolete.
U should consider migrating from VPN3000 to Cisco ISR's
Cheers,
04-27-2012 05:37 AM
Hi Olpeleri,
thx,
yea hard for me to realize this, what would be an adequate successor for up to 1000 Site to Site Connections with very low traffic?
04-27-2012 05:54 AM
Minimum: 2900 series router (or even 2800 should be able to handle that amount ... as per specs). Newer is better of course.
ISR generation 2 will require licenses - hsec-k9 would be the one for you AFAIR.
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
ASA 5540 is you want to go that way:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~tab-b
If you want only IPsec (IKEv1 or IKEv2) ISR G2 is the way to go.
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide