Using a Cisco ASA 5505 as a router

I'm a total newbie when it comes to firewalls. Could I also use a Cisco ASA 5505 as my router, or do I need another router? I'm sure you need more details, feel free to ask.

All i really need to do is get my auditors off my back and have the ability to open and forward some ports.

Thanks in advance.
rd740Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bkepfordCommented:
Firewalls will not do any advanced routing functions.
With that said yes you can use your ASA5505 as your router if it just a matter of a default route to your ISP.
0
bkepfordCommented:
PS Advanced NAT translations and port forwarding is right up an ASAs alley so you should be fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
decoleurCommented:
bkepford, when you say firewalls cannot do any advanced routing functions what doe s that mean?

if you have an isp handing off a single ethernet interface and one or more public ip address for your organization you can use an ASA as your perimeter device. the ASA 5505 also can use a second ISP interface as a backup internet path.

Although you can get routers with a firewall feature set on them, they are really not designed to act primarily as security endpoints so if you compare the costs you will be able to get more security features from a firewall at a lower price than you would from a router with a security focused OS.

hope this helps,

-t

FWIW look at the 5505 for an office with less than 10 users it is really meant for soho applications.
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

bkepfordCommented:
Not saying that I know everything so I always welcome someone to correct me. So if any of my explanations are not correct please feel free to correct me.
The ASA can take in routing information from a dynamic routing protocol and do basic default route metric munipulation allowing one connection be prefered over the other. But when it comes to saying this kind of traffic goes this way and that kind of traffic goes that way and source specific routing. These things are beyond an ASAs decision making as far as I know.  
Say in the same scenario you have up there could you load balance between those two connections?
 
 
0
decoleurCommented:
far enough, i was under the impression that you might be able to take advantage of the modular policy framework to manipulate routing but it appears that PBR is relegated to IOS on routers and switches...

I wouldn't say we were load balancinf between two sites but using one as a primary egress with a second available should the primary go down. a good example of this is found in the "ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example" from http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

hope this helps clear things up, sorry to get off topic. Just trying to flush out my understanding.

-t
0
devangshroffCommented:
ASA can do routing , but it do nit have that much intelligence to do routing as a router .
0
rd740Author Commented:
Thanks for the input guys. I really just need the ASA 5505 to be the gateway to my isp and open and forward a handful of ports for about a dozen users. Is the consensus that it would be ok to use the ASA for that?

THANKS!
0
bkepfordCommented:
Yes!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.