ASA 5505 Pre Purchase Question
We just got a T1 line for a small office about 15 users and I am looking to purchase a Firewall device I've been looking for something that is relatively easy to manage and maintain.
I was recommended the Cisco 1800 but i wanted something more low maintenance and a bit lower in price.
The primary use of this T1 will be for VPN access, and the VPN will be PPTP not IPSec as it is much faster, for a few people who'll need to connect every now and then when they are away from the office, this would be for heavy financial applications. Plus we run a mailserver and ftp etc, no heavy use its for 10 people.
I am looking to find out if the ASA 5505 will suffice our needs and would be a good reliable product.
- I need to be able to NAT (we have 3 public IP's for different services) not port forward, can i do this with the ASA5505 ?
- We use Web Proxy from another provider so surfing will be minor, but ASA 5505 says it can be use for anti-spyware anti-virus, does this model provide that support ?
- Does this provide the intrution detection ?
- We are a very closed enviroment that needs to be higly secure due to the financial nature of business.
Any other info or clariffication would be appreciated.
Thanks in advance.
I was recommended the Cisco 1800 but i wanted something more low maintenance and a bit lower in price.
The primary use of this T1 will be for VPN access, and the VPN will be PPTP not IPSec as it is much faster, for a few people who'll need to connect every now and then when they are away from the office, this would be for heavy financial applications. Plus we run a mailserver and ftp etc, no heavy use its for 10 people.
I am looking to find out if the ASA 5505 will suffice our needs and would be a good reliable product.
- I need to be able to NAT (we have 3 public IP's for different services) not port forward, can i do this with the ASA5505 ?
- We use Web Proxy from another provider so surfing will be minor, but ASA 5505 says it can be use for anti-spyware anti-virus, does this model provide that support ?
- Does this provide the intrution detection ?
- We are a very closed enviroment that needs to be higly secure due to the financial nature of business.
Any other info or clariffication would be appreciated.
Thanks in advance.
ASKER
Thanks for the reply.
- The T1 is already terminated out and handed to us via an Ethernet cable by the ISP.
- I am running an internal Win2k3 RRAS PPTP VPN currently and would like to continue using that.
* I saw the link you provided, thanks, so basically, the ASA 5505 is scaled down and not very modular like the 5510, and I won't be able to add the Content Security Contol, thats what i wanted to clarify.
* Also, wasn't sure what IPS was [ Concurrent threat mitigation throughput (firewall + IPS services) ] as it is not available on the 5505 and if it was something that i should be concerned about and should get.
* It also says High Availability not supported what would this imply ?
* Security contexts (included/maximum) 0 on 5505, what is this ?
If this can be clarified I would appreciate it.
Thanks
- The T1 is already terminated out and handed to us via an Ethernet cable by the ISP.
- I am running an internal Win2k3 RRAS PPTP VPN currently and would like to continue using that.
* I saw the link you provided, thanks, so basically, the ASA 5505 is scaled down and not very modular like the 5510, and I won't be able to add the Content Security Contol, thats what i wanted to clarify.
* Also, wasn't sure what IPS was [ Concurrent threat mitigation throughput (firewall + IPS services) ] as it is not available on the 5505 and if it was something that i should be concerned about and should get.
* It also says High Availability not supported what would this imply ?
* Security contexts (included/maximum) 0 on 5505, what is this ?
If this can be clarified I would appreciate it.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for the clarification so do u think in your opinion the ASA 5505 would be a good choice for my needs ? Do you know of any other alternatives in the same price range with similar or better capabilities ?
Thanks.
Thanks.
hi
For email, VPN (through a translated PPTP server) small office size and easy of management, the ASA5505 is perfect in my opinion. ASDM GUI for control if you are not comfortable with Cisco CLI etc.
cheers
For email, VPN (through a translated PPTP server) small office size and easy of management, the ASA5505 is perfect in my opinion. ASDM GUI for control if you are not comfortable with Cisco CLI etc.
cheers
ASKER
Thanks for your assistance, I'll go ahead and get one tomorrow.
Do you think in conjunction with the PPTP VPN, can I utilize the 2 IPSec VPN that come with it ? do i need to get the cisco client for that ? is one faster over the other ?
If i have more questions i'll post again.
Do you think in conjunction with the PPTP VPN, can I utilize the 2 IPSec VPN that come with it ? do i need to get the cisco client for that ? is one faster over the other ?
If i have more questions i'll post again.
You can use the ASA as an IPSec VPN server its no faster or slower than PPTP but its far more secure.
cheers
cheers
Firstly to clarify - your T1 must already be terminated as an ASA will not terminate a T1 - you must have an edge router/ISP router to do this and provide the Ethernet handover to the firewall
ASA series does not support PPTP termination - so you cannot use it as a PPTP server (you can use it for pass through to an internal PPTP server though) Cisco have removed this functionality as IPSec is a far more secure option.
Natting and port forwarding - no problem
Anti-spyware and anti-virus - the ASA series uses different modules to support different types of functionality - these are not default options but add-ons - VPN concentrator, IDS etc
Here is an excellent link showing you all of the aspects of the ASA series, the models and spec sheets, the modules and their parameters:
http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html
hth