ASA 5505 Pre Purchase Question

We just got a T1 line for a small office of about 15 users, and I am looking to purchase a firewall device. I've been looking for something that is relatively easy to manage and maintain.

I was recommended the Cisco 1800 but I wanted something more low maintenance and a bit lower in price.

The primary use of this T1 will be for VPN access, and the VPN will be PPTP not IPSec as it is much faster, for a few people who'll need to connect every now and then when they are away from the office; this would be for heavy financial applications. Plus we run a mail server and FTP etc.; no heavy use, it's for 10 people.

I am looking to find out if the ASA 5505 will suffice for our needs and would be a good reliable product.

- I need to be able to NAT (we have 3 public IPs for different services), not port forward. Can I do this with the ASA 5505?
- We use a web proxy from another provider so surfing will be minor, but the ASA 5505 says it can be used for anti-spyware and anti-virus. Does this model provide that support?
- Does this provide intrusion detection?
- We are a very closed environment that needs to be highly secure due to the financial nature of the business.

Any other info or clarification would be appreciated.

Thanks in advance.
z969307Asked:
nodiscoCommented:
* I saw the link you provided, thanks, so basically, the ASA 5505 is scaled down and not very modular like the 5510, and I won't be able to add the Content Security Control, that's what I wanted to clarify.
Correct - the 5505 is a smaller model aimed at branch offices that do not need the same functionality.

* Also, wasn't sure what IPS was [ Concurrent threat mitigation throughput (firewall + IPS services) ] as it is not available on the 5505 and if it was something that I should be concerned about and should get.
The 5505 doesn't support the AIP-SSM module (for IPS); the first model up to do this is the 5510.

* It also says High Availability not supported, what would this imply?
Active/Active stateless mode is supported from 5510 models up (with the appropriate lic). This allows 2 ASA devices to function together, load balancing requests as well as acting as failover for each other. The 5505 just supports Active/Standby - where the 2nd 5505 comes to life when the primary fails (also requires additional lic).

* Security contexts (included/maximum) 0 on 5505, what is this ?
Security contexts are like virtual firewalls.  There is one physical device and you can "partition" it into several virtual devices that each have their own interfaces/ips etc to manage different network segments - these are called security contexts.  Again - only really used in a large office environment - or a classroom situation.

cheers


0
 
nodiscoCommented:
hi

Firstly to clarify - your T1 must already be terminated, as an ASA will not terminate a T1 - you must have an edge router/ISP router to do this and provide the Ethernet handover to the firewall.

The ASA series does not support PPTP termination - so you cannot use it as a PPTP server (you can use it for pass-through to an internal PPTP server though). Cisco have removed this functionality as IPSec is a far more secure option.

Natting and port forwarding - no problem

Anti-spyware and anti-virus - the ASA series uses different modules to support different types of functionality - these are not default options but add-ons - VPN concentrator, IDS etc

Here is an excellent link showing you all of the aspects of the ASA series, the models and spec sheets, the modules and their parameters:
http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html

hth
0
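The one-to-one NAT and PPTP pass-through described in the answer above, as an added configuration sketch that is not part of the original thread. It assumes pre-8.3 ASA software syntax, interfaces named inside and outside, an ACL named outside_in, and constructed documentation addresses (203.0.113.10 as one of the public IPs, 192.168.1.10 as the internal RRAS PPTP server).

```cisco
! Added example; addresses and the ACL name are constructed placeholders.
! One-to-one static NAT: dedicate one public IP to the internal PPTP server.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
! Permit only what PPTP needs: the control channel (TCP 1723) and the
! GRE tunnel (IP protocol 47) to that one translated address.
access-list outside_in extended permit tcp any host 203.0.113.10 eq pptp
access-list outside_in extended permit gre any host 203.0.113.10
access-group outside_in in interface outside
! PPTP inspection lets the ASA tie each GRE session to its control connection.
policy-map global_policy
 class inspection_default
  inspect pptp
```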
 
z969307Author Commented:
Thanks for the reply.

- The T1 is already terminated out and handed to us via an Ethernet cable by the ISP.  

- I am running an internal Win2k3 RRAS PPTP VPN currently and would like to continue using that.

* I saw the link you provided, thanks, so basically, the ASA 5505 is scaled down and not very modular like the 5510, and I won't be able to add the Content Security Control, that's what I wanted to clarify.

* Also, wasn't sure what IPS was [ Concurrent threat mitigation throughput (firewall + IPS services) ] as it is not available on the 5505 and if it was something that I should be concerned about and should get.

* It also says High Availability not supported, what would this imply?

* Security contexts (included/maximum) 0 on 5505, what is this?

If this can be clarified I would appreciate it.
Thanks
0
 
z969307Author Commented:
Thanks for the clarification. So do you think, in your opinion, the ASA 5505 would be a good choice for my needs? Do you know of any other alternatives in the same price range with similar or better capabilities?
Thanks.
0
 
nodiscoCommented:
hi

For email, VPN (through a translated PPTP server), small office size and ease of management, the ASA 5505 is perfect in my opinion. There is the ASDM GUI for control if you are not comfortable with Cisco CLI etc.

cheers
0
 
z969307Author Commented:
Thanks for your assistance, I'll go ahead and get one tomorrow.
Do you think, in conjunction with the PPTP VPN, I can utilize the 2 IPSec VPNs that come with it? Do I need to get the Cisco client for that? Is one faster than the other?

If I have more questions I'll post again.
0
 
nodiscoCommented:
You can use the ASA as an IPSec VPN server; it's no faster or slower than PPTP, but it's far more secure.

cheers
0