ASA 5505 Functionality Questions


I am quite novice in the Cisco arena so these questions should be fairly simple. I am building a home lab for Exchange 2007/ ISA 2006 using ESX. I am comfortable with most MS/ESX technology, but I would like to work more with Cisco. Below are some questions about an ASA that I would like to be the external facing firewall for my home lab. There is much I want to do with the lab but most importantly is that the Exchange lab will be able to send/receive internet mail.

1. I will have multiple external facing servers, as well as internal. Will this ASA handle reverse NAT (or PAT is it called?) to multiple devices/servers? For example, I want mail to flow through my Exchange Edge for spam filtering, but my OWA and RPC/HTTPs through my ISA server.

2. Looking at the specs it looks like it comes with VPN capabilities. Will this work out of the box, or do I need licenses for more 1 person only? 

3. Will I need a client for VPN connection?

4. I have other Cisco hardware that I recently purchased (2 X 2600 series routers, 1 X 2950 switch). Can I easily integrate this hardware to the ASA if need be in the future?

5. Can i easily segment my internal network into DMZs with this product, or would that take some custom configuration?

Thank you in advance for your time and effort.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tjtresselAuthor Commented:
Further questions:

6. Is the same functionality in its GUI as is in the CLI?

7. Does do all ASA's do stateful packet inspection?
Hope this helps you..

1) Yes.  I believe they call it port forwarding or redirection.
2) It works right out of the box, but you may initially be limited to DES - it should be free to upgrade though (by registering).  The amount of VPNs you can establish at once (10 vs 25) is determined from the actual license you have.  If it isn't VPN edition or Security Plus, it may not support SSL VPN & webVPN, but will still do "regular" VPN.
3) For the standard remote access VPN, yes.  But this should be shipped with the device.
4) Yes.
5) Only security plus license is listed as supporting DMZ. (I don't have experience with any other)
6) Not 100%, but nowadays it's VERY close.  It varies slightly with the actual software versions I believe.
7) Yes.  Although probably not if they are configured for "transparent mode" - I don't know that too well.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.