VPN between Cisco ASA 5505 and Netgear FVS318

I have a client with a Cisco ASA 5505 in their main office.  They need to get a VPN set up between that and 2 of their remote offices.  Each office has/will have a static IP address.  My original plan was to purchase additional Cisco ASAs for each site but the models are constrained from all my vendors and even CDW and PCConnection.  I was looking at the Netgear FVS318 and I think it will work as a VPN endpoint.  Has anyone run this configuration?  Any other thoughts?
LiberatingInsight Asked:

gavving Commented:
Cisco ASA supply is very tight right now unfortunately.  We have the same problem for new installs.  

As for the Netgear, I have a customer using Netgears to terminate VPN tunnels to an ASA, but occasionally they do have problems and have to reboot the Netgear to get the tunnel to reconnect.  It appears that sometimes the tunnel gets disconnected unexpectedly and it will fail to reconnect until after the keepalive period has expired on the ASA.  If I manually clear the ASA's crypto information and they reboot the Netgear it will reconnect.  It's something that doesn't happen very often though.  

Another device I might recommend would be the Cisco/Linksys RV082.  But even with that product there would be issues with tunnels not reconnecting correctly.  The client using those to terminate against an ASA ended up switching out to 5505's eventually.  

Sonicwall/Cisco, Juniper/Cisco, and even Checkpoint/Cisco appear to be pretty solid from my experience, but I don't have as much long term experience with those particular combinations.  Just one off setups that appear to not have any problems.

LiberatingInsight (Author) Commented:
I ended up finding a used Cisco PIX 501 that I had replaced for a client.  I installed it and have the tunnel working finally but I am having some issues where the users say they lose connection and then it comes back in a few mins.  I don't know what to blame it on.  A good part of me says it is bandwidth issues since both sides are on cable internet service and also they are running VoIP phones and a LoB program that is not made for WAN deployment.  Has anyone heard of Cisco ASA 5505 to PIX 501 (6.3) having issues?
gavving Commented:
Ordinarily I don't have any problems with VPN connections between ASA5505's and PIX 501s, if the VPN is configured correctly.   You might check to make sure that the VPN is capable of being initiated from either direction.  I.e. you should be able to clear the VPN using the commands:

clear crypto ipsec sa
clear crypto isakmp sa

(may need parameters if you only want to clear one tunnel)

Then initiate a ping from one side to a device on the other side that responds to ping.  It should drop one, maybe 2 pings, then come up and start responding.  If it doesn't come up like that for both sides then you may have a config problem that's not allowing traffic from either end to initiate the tunnel.

FYI you might want to open a new question regarding this problem.
Rick_at_ptscinti Commented:
Sounds like a mismatch in the key lifetime.  That's one of the few settings that will allow the tunnel to start initially without matching on both ends.  The lifetime will expire on one end but the remote end won't allow a new session to that node because it still sees the old key.
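One way to check both ends for the lifetime mismatch suggested in the comment above, as an added example that is not part of the thread: it pulls the phase 1 and phase 2 lifetimes out of each device's saved configuration and lists the differences. It assumes the ASA uses the block-style `crypto isakmp policy` syntax and the PIX 6.3 the one-line `isakmp policy` syntax, and that both ends use the same policy and crypto map sequence numbers; the sample excerpts, map names and addresses are constructed.

```python
import re

# ASA: "crypto isakmp policy N" block with an indented "lifetime S"; PIX 6.3: one line.
POLICY_HDR = re.compile(r"^crypto isakmp policy (\d+)\s*$")
SUB_LIFETIME = re.compile(r"^\s+lifetime (\d+)\s*$")
PIX_POLICY = re.compile(r"^isakmp policy (\d+) lifetime (\d+)\s*$")
MAP_LIFETIME = re.compile(
    r"^crypto map \S+ (\d+) set security-association lifetime seconds (\d+)\s*$")

# Constructed sample excerpts (not from the thread); addresses are documentation ranges.
ASA_SAMPLE = """crypto isakmp policy 10
 encryption 3des
 lifetime 86400
crypto map outside_map 20 set peer 203.0.113.2
crypto map outside_map 20 set security-association lifetime seconds 28800
"""
PIX_SAMPLE = """isakmp policy 10 encryption 3des
isakmp policy 10 lifetime 3600
crypto map mymap 20 set security-association lifetime seconds 28800
"""

def parse_lifetimes(config):
    """Return ({policy_number: phase1_seconds}, {map_sequence: phase2_seconds})."""
    phase1, phase2, current = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # an unindented line ends any policy block
        if m := POLICY_HDR.match(line):
            current = int(m.group(1))
        elif (m := SUB_LIFETIME.match(line)) and current is not None:
            phase1[current] = int(m.group(1))
        elif m := PIX_POLICY.match(line):
            phase1[int(m.group(1))] = int(m.group(2))
        elif m := MAP_LIFETIME.match(line):
            phase2[int(m.group(1))] = int(m.group(2))
    return phase1, phase2

def compare(end_a, end_b):
    """List lifetime differences; None means the excerpt does not set a value."""
    findings = []
    labels = ("phase 1 policy", "phase 2 crypto map entry")
    for label, a, b in zip(labels, parse_lifetimes(end_a), parse_lifetimes(end_b)):
        for key in sorted(a.keys() | b.keys()):
            if a.get(key) != b.get(key):
                findings.append(f"{label} {key}: {a.get(key)} vs {b.get(key)}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(ASA_SAMPLE, PIX_SAMPLE)) or "lifetimes match")
```

A value reported as None is not set in that excerpt, so the device is using whatever its default is; confirm it on the device itself.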
Question has a verified solution.