Quagmire2
asked on
Switch from Watchguard to Cisco VPN firewalls
I currently use a combination of Watchguard's x700, SOHO 5 & 6, edge x15, edge 10 & 20 e series products. Were looking into moving to Cisco's ASA 5500 series products, specifically the 5510 and 5505 to hopefully provide better site to site VPN connections and potentially security.
Has anyone interconnected these devices via a VPN connection?
Any advice on Cisco's ASA series devices, manageability, ease of use, options, reliability? I've used several other VPN products but not Cisco so I have no idea what to expect.
We use WG's x700 at our main site so we would replace it with Cisco's 5510. Any advice? They both look like the base models have almost the same feature set.
Thanks for any help!
Has anyone interconnected these devices via a VPN connection?
Any advice on Cisco's ASA series devices, manageability, ease of use, options, reliability? I've used several other VPN products but not Cisco so I have no idea what to expect.
We use WG's x700 at our main site so we would replace it with Cisco's 5510. Any advice? They both look like the base models have almost the same feature set.
Thanks for any help!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
dpk_wal,
Since this is unknown terrritory, I would like to know that the ASA 5510 is going to have all the features that the x700 has and more. I know that with the 5510 I will not be able to have both intrusion prevention and web content filtering since these are SSM modules and it can only handle one unlike the WG x700 that you install a feature key. Without the intrusion prevention and web blocker(web content filter), will the ASA match up and exceed the x700 w/ fireware pro?
The other question was about creating VPN tunnels between the 2 different vendors devices. I've created tunnels between WG and other vendor products and it took a while to figure out what settings would work between the 2. I know that IPSec is supposed to be a standard, but it seemed that it would only work a few ways and not every option such as 3des, Des, MD5 or SHA1 and Diffie-Helman Group created a tunnel. Are there going to be any gotcha's that I will find between the ASA series and WG products since we would gradually migrate from WG to Cisco?
Since this is unknown terrritory, I would like to know that the ASA 5510 is going to have all the features that the x700 has and more. I know that with the 5510 I will not be able to have both intrusion prevention and web content filtering since these are SSM modules and it can only handle one unlike the WG x700 that you install a feature key. Without the intrusion prevention and web blocker(web content filter), will the ASA match up and exceed the x700 w/ fireware pro?
The other question was about creating VPN tunnels between the 2 different vendors devices. I've created tunnels between WG and other vendor products and it took a while to figure out what settings would work between the 2. I know that IPSec is supposed to be a standard, but it seemed that it would only work a few ways and not every option such as 3des, Des, MD5 or SHA1 and Diffie-Helman Group created a tunnel. Are there going to be any gotcha's that I will find between the ASA series and WG products since we would gradually migrate from WG to Cisco?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We used to use the DVCP option several years ago, 2002, but WG actually told us to migrate to manual BOVPNs.
I set it up again about 6 months ago but with the release of several software versions in a short period of time, I was iritated that I had to resetup each device after the updates.
I set it up again about 6 months ago but with the release of several software versions in a short period of time, I was iritated that I had to resetup each device after the updates.
Do you wish to know if you can replace X700 with ASA, OR
You wish to know if you can create tunnels between ASA and other WG products (interoperability)
Well the answer is YES for both the above questions.
ASA is a product from the market leader and would give you all the features you wish. If you are looking at manageability using a simplified GUI; I always refer WG (I would say more of a personal choice!)
Please let know if you need more inputs about a specific thing.
Thank you.