ASA 5505 Functionality Questions

Hello,

I am quite novice in the Cisco arena so these questions should be fairly simple. I am building a home lab for Exchange 2007/ ISA 2006 using ESX. I am comfortable with most MS/ESX technology, but I would like to work more with Cisco. Below are some questions about an ASA that I would like to be the external facing firewall for my home lab. There is much I want to do with the lab but most importantly is that the Exchange lab will be able to send/receive internet mail.

1. I will have multiple external facing servers, as well as internal. Will this ASA handle reverse NAT (or PAT is it called?) to multiple devices/servers? For example, I want mail to flow through my Exchange Edge for spam filtering, but my OWA and RPC/HTTPs through my ISA server.

2. Looking at the specs it looks like it comes with VPN capabilities. Will this work out of the box, or do I need licenses for more 1 person only?
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html 

3. Will I need a client for VPN connection?

4. I have other Cisco hardware that I recently purchased (2 X 2600 series routers, 1 X 2950 switch). Can I easily integrate this hardware to the ASA if need be in the future?

5. Can i easily segment my internal network into DMZs with this product, or would that take some custom configuration?


Thank you in advance for your time and effort.
tjtresselAsked:
Who is Participating?
 
Voltz-dkConnect With a Mentor Commented:
Hope this helps you..

1) Yes.  I believe they call it port forwarding or redirection.
2) It works right out of the box, but you may initially be limited to DES - it should be free to upgrade though (by registering).  The amount of VPNs you can establish at once (10 vs 25) is determined from the actual license you have.  If it isn't VPN edition or Security Plus, it may not support SSL VPN & webVPN, but will still do "regular" VPN.
3) For the standard remote access VPN, yes.  But this should be shipped with the device.
4) Yes.
5) Only security plus license is listed as supporting DMZ. (I don't have experience with any other)
6) Not 100%, but nowadays it's VERY close.  It varies slightly with the actual software versions I believe.
7) Yes.  Although probably not if they are configured for "transparent mode" - I don't know that too well.
0
 
tjtresselAuthor Commented:
Further questions:

6. Is the same functionality in its GUI as is in the CLI?

7. Does do all ASA's do stateful packet inspection?
0
All Courses

From novice to tech pro — start learning today.