

Cisco Recommendations

Posted on 2006-04-11
Medium Priority
Last Modified: 2013-11-16
I'm going to be hosting several (probably around 20 to 30) terminal servers for remote clients. I'm looking for a recommendation for a Cisco firewall. I'm considering the ASA 5510. Each client will have a unique "real world" IP address that they use to connect. The firewall will have subinterfaces for these connections. On the back side of the firewall, the terminal servers will be using IP addresses in the private range. I want the clients to use a real-world IP address and the firewall to forward the traffic (after checking it) to the appropriate internal server.

Is it overkill to use the ASA 5510? Does someone have a different recommendation??

Thanks for the help!!
Question by:wjester

Expert Comment

ID: 16432445
Hey wjester,

It probably is overkill if those are your only requirements. The ASAs are awesome... I'm working with quite a number of them and they are really great, but if the requirements that you listed are it... almost any firewall has the performance and abilities that you need. You could even use one of the SOHO 871 routers from Cisco for the NATing that you require. Now having said that, I just reread your post and now see the stipulation about the sub-interfaces... In terms of those, if you are trying to segment each of the terminal servers from each other as well by using sub-interfaces and VLANs, then I don't think the 871 will do it (I'm not sure... I know they support VLANs, but I don't know about sub-interfaces). What switch and/or router are you using? Any of the new Cisco integrated routers (1800, 2800s, etc.) with the advanced security set will support the NATing you require and the sub-interfaces (as does the ASA).

Author Comment

ID: 16432498
Thanks for the reply techeez...
I was thinking about utilizing the subinterfaces on the firewall and VLANs on the switch to keep everything separate. I'm using Dell 3000 series switches. I'm not using a router as the Internet provider I have is providing the IP address block. Do you think I'd be better off using a Cisco router (2800 series, for example) with the appropriate security and firewall software on it?? I kinda like the ASA firewalls because they are (for the most part) geared for what I'm looking to do.

Accepted Solution

techeez earned 2000 total points
ID: 16432990
I don't know about the subinterfaces and the Dell (Is it the 33xx series or?)... You would have to test it out and ensure that the subinterfaces worked correctly on the trunk port on the switch... If it does, then you would be fine with the ASA or the 2800/1800 series. As for which is better... at the end of the day your requirements are such that I think either are appropriate. I'm not sure what your budget is, or what the various price differences are... It would depend on whether or not you think you will have any need for any of the advanced firewall features of the ASA (which are plentiful :) ). If you think you might ever be looking at an IPS system or traffic inspection, etc., then the ASA is going to do better in the long run.


Expert Comment

ID: 16438981
You might want to look at Juniper. Prices are comparable or cheaper than Cisco, and you get comparable or better performance.


Question has a verified solution.
