Announcement:Cisco Communities NOT Affected by Heartbleed Vulnerability
talentintelligence

SA 540 Issues

Posted by talentintelligence Apr 9, 2010

Due to a bandwidth upgrade we decided to change our old Fortinet due to the processor (7 year old device) not having our required VPN throughput.  We tried to source a ASA55050 in Australia, however there is an 8 week backorder.  The local Cisco reseller talked us into the SA540 as being "what they are recommeding to people who need a device now" so we took them up on the offer.

The Cisco certified Engineer came out to install the device during business hours (we scheduled a 2 hour outage while the bulk of the office was elsewhere training) and he was unable to get it working.

 

Issues we had:

 

1.  IPSEC VPN (to an ASA5510 that runs 7 site-to-site links without issue) would stay up until first re-key and then fail.

2.  Firewall would seemingly "freeze" and take the WAN link down (affecting ISP's status as we have direct fibre link).  During this "freeze" we are unable to access device to log in or even ping it.

3.  With VPN's disabled, the device would also cease to function for periods (around 2 minutes) and then start working again. albeit with impeded throughput.

 

We initially did a factor reset of the device to no avail.

 

We downloaded the latest firmware (1.1.21), which wiped our configuration totally.  We reconfigured with basic configuration and it too fails.

 

Our VPN is essential to us as we use terminal services from our DC.  I am certain I could go down to the local computer shop and pick up a Netgear SOHO product that would perform better than this for 10% of the cost!

 

I have noticed that other people have had similar issue to this and it shocks me that Cisco would release such an immature product.  We have configured 2 firewall rules only (so really simple configuration) and cannot maintain a stable VPN.  Disconnect the Cisco and plug in old faithful Fortinet and everyting performs as expected.

 

(see https://cisco-marketing.hosted.jivesoftware.com/thread/9361)

(see https://cisco-marketing.hosted.jivesoftware.com/thread/10829)

 

There are some serioulsy better kits out there and you expect that a brand like Cisco would provide some reliability in basic networking .

 

Any suggestions most welcome as our office has experienced too much downtime, a cost that cannot be recovered.