How we tested Cisco appliance

We tested the ASA 5540 running prerelease Version 7.1 software in our network in Tucson, Ariz. We removed an existing NetScreen firewall and placed a high-availability pair of ASA devices as the primary firewall for one of our production subnets. The ASA 5540 stayed in place for about six weeks.

We used a Windows 2003 system as the management client, because Cisco recommended that as the best platform. We started our test by taking the policy of the old firewall and placing it in the ASA 5540.

To test the IPSec VPN, we built a site-to-site tunnel to a Nokia IPsec VPN device in our network, and left that up for much of the test. For remote access, we used Cisco's wizard to configure a basic remote access policy, and then used that for all remote access to that network for a month.

For the SSL VPN part of the ASA 5540, we tried to go through our test methodology from the December 2005 test of SSL VPN devices. Although limitations in the Cisco software kept us from completing all of the tests, we were able to get a good picture of its SSL VPN capabilities.

Finally, we verified that the high-availability functionality worked by performing abrupt power attenuation to each device, testing that it could properly fail over from master to slave, and then failover again after power had been restored.