[c-nsp] Hardware for 'managed firewall'

Gary T. Giesen giesen at snickers.org
Tue Oct 13 13:19:48 EDT 2009


We use ASA's in context mode plus some sort of IOS box (28xx, 38xx)
with VRF for both Client VPN and LAN-to-LAN VPN. Works decently...

GG

On Tue, Sep 29, 2009 at 11:34 PM, christian <christian at automatick.net> wrote:
> netscreen management (cli/NSM) is one of the worst i've ever encountered
>
> as far as the topic at hand - i agree w/ Justin's comments - what i've
> done in past is FWSM's in the chassis and a pair of asa's for vpn
> termination
>
> On Tue, Sep 29, 2009 at 8:23 PM, Dave Weis <djweis at internetsolver.com> wrote:
>>
>> On Wed, 30 Sep 2009, David Hughes wrote:
>>>
>>> On 30/09/2009, at 7:08 AM, Dave Weis wrote:
>>>>
>>>> On Tue, 29 Sep 2009, Christopher Hunt wrote:
>>>>>
>>>>> As I painfully discovered, the Cisco ASA in Multiple Context mode does
>>>>> not support IPSEC VPN clients nor L2TP3 tunnels
>>>>
>>>> That's a pretty big omission! Any ETA to add that capability?
>>>
>>> Yeah, they've never supported VPN in multi-context mode.  Major pain.  And
>>> if you are a dense hosting provider the 50 context limit (and limited
>>> performance) of a 5540 for example doesn't work too well.  These issues made
>>> us look around again and J-Vendor's boxes are making the ASA's look a bit
>>> ordinary.
>>
>> I never enjoyed working on the netscreens. I suppose if each virtual
>> firewall customer could get the same awkward web interface for self
>> provisioning it could be made to work.
>>
>> --
>> Dave Weis
>> djweis at internetsolver.com
>> http://www.internetsolver.com/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


More information about the cisco-nsp mailing list