wjester
asked on
Cisco Recommendations
I'm going to be hosting several (probably around 20 to 30) terminal servers for remote clients. I'm looking for a recommendation for a Cisco firewall. I'm considering the ASA 5510. Each client will have a unique "real world" IP address that they use to connect. The firewall will have subinterfaces for these connections. On the back side of the firewall, the terminal servers will be using ip address in the private range. I want the clients to use a real-world IP address and the firewall to forward the traffic (after checking it) to the appropriate internal server.
Is it overkill to use the ASA 5510? Does someone have a different recommendation??
Thanks for the help!!
Is it overkill to use the ASA 5510? Does someone have a different recommendation??
Thanks for the help!!
ASKER
Thanks for the reply techeez...
I was thinking about utilizing the subinterfaces on the firewall and vlans on the switch to keep everything seperate. I'm using Dell 3000 series switches. I'm not using a router as the Internet provider I have is providing the ip address block. Do you think I'd be better of using a Cisco router (2800 series, for example) with the appropriate security and firewall software on it?? I kinda like the ASA firewalls because they are (for the most part) geared for what I'm looking to do.
I was thinking about utilizing the subinterfaces on the firewall and vlans on the switch to keep everything seperate. I'm using Dell 3000 series switches. I'm not using a router as the Internet provider I have is providing the ip address block. Do you think I'd be better of using a Cisco router (2800 series, for example) with the appropriate security and firewall software on it?? I kinda like the ASA firewalls because they are (for the most part) geared for what I'm looking to do.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You might want to look at Juniper. Prices are comparable or cheaper than Cisco, and you get comparable or better performance.
www.juniper.net
Jim
www.juniper.net
Jim
It probably is overkill if those are your only requirement. The ASA's are awesome... I'm working with quite a number of them and they are really great, but if the requirements that you listed are it... almost any firewall has the performance and abilities that you need. You could even use one of the soho 871 routers from Cisco for the NAT'ting that you require. Now having said that I just reread your post and now see the stipulation about the sub-interfaces... In terms of those if you are trying to segment each of the terminal servers from each other as well by using sub-interfaces and vlans then I don't think the 871 will do it (I'm not sure... I know they support vlans, but I don't know about sub-interfaces) What switch and/or router are you using? Any of the new cisco integrated routers (1800, 2800s, etc) with the advanced security set will support the natting you require and the sub-interfaces (as does the ASA).