From: Leigh Harrison (ccileigh@gmail.com)
Date: Tue Apr 17 2007 - 07:55:42 ART
Hey there Rik,
I work for a gold partner and when we migrate customer vpn's or build
new systems, we always go for the ASA's. They are great boxes and do so
much for what they are - and what they cost!
LH
#15331
Guyler, Rik wrote:
> I'm replacing the entire edge network for my organization later this year
> and need an opinion from the group.
>
> I have several dozen IPSec VPN tunnels to vendors that terminate currently
> on a 3660 router running 12.2T code. While I love using routers for VPN
> work due to their excellent flexibility, I find that managing a large number
> of connections is cumbersome and awkward. The inability to nest ACLs or
> create object groups makes the config (from the CLI) just crazy to work
> around in.
>
> I do have the latest version of Cisco Security Manager but don't have it up
> and running yet (waiting on the server) to see just how well it can manage
> my VPN router. If it's anything like VMS was then I won't likely use it for
> managent.
>
> Here are my possible alternatives:
>
> 1) Stay with the plan of replacing the 3660 with a pair of 3845s running
> IPSec SSO, etc. and use CSM to manage it
>
> 2) Replacing the 3660 with a pair of ASAs instead of the 3845s and use CLI,
> CSM or something else to manage it
>
> Either way, I can work through the hassle of it the way it is but I have
> others on my team that are not so comfortable with the CLI so I really want
> to use some other type of managent interface for their benefit.
>
> Any advice or opinion on the subject greatly appreciated!
>
> Rik
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:36 ART