rd740


Using a Cisco ASA 5505 as a router

I'm a total newbie when it comes to firewalls. Could I also use a Cisco ASA 5505 as my router, or do I need another router? I'm sure you need more details, feel free to ask.

All I really need to do is get my auditors off my back and have the ability to open and forward some ports.

Thanks in advance.
bkepford

Firewalls will not do any advanced routing functions.
With that said, yes, you can use your ASA5505 as your router if it is just a matter of a default route to your ISP.
ASKER CERTIFIED SOLUTION
bkepford

decoleur

bkepford, when you say firewalls cannot do any advanced routing functions, what does that mean?

If you have an ISP handing off a single Ethernet interface and one or more public IP addresses for your organization, you can use an ASA as your perimeter device. The ASA 5505 can also use a second ISP interface as a backup internet path.

Although you can get routers with a firewall feature set on them, they are really not designed to act primarily as security endpoints, so if you compare the costs you will be able to get more security features from a firewall at a lower price than you would from a router with a security-focused OS.

hope this helps,

-t

FWIW, look at the 5505 for an office with fewer than 10 users; it is really meant for SOHO applications.
Not saying that I know everything, so I always welcome someone to correct me. So if any of my explanations are not correct, please feel free to correct me.
The ASA can take in routing information from a dynamic routing protocol and do basic default route metric manipulation, allowing one connection to be preferred over the other. But when it comes to saying this kind of traffic goes this way and that kind of traffic goes that way, and source-specific routing, these things are beyond an ASA's decision making as far as I know.
Say, in the same scenario you have up there, could you load balance between those two connections?
 
 
Fair enough, I was under the impression that you might be able to take advantage of the modular policy framework to manipulate routing, but it appears that PBR is relegated to IOS on routers and switches...

I wouldn't say we were load balancing between two sites, but using one as a primary egress with a second available should the primary go down. A good example of this is found in the "ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example" from http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

hope this helps clear things up, sorry to get off topic. Just trying to flush out my understanding.

-t
ASA can do routing, but it does not have that much intelligence to do routing as a router.
rd740

ASKER

Thanks for the input guys. I really just need the ASA 5505 to be the gateway to my isp and open and forward a handful of ports for about a dozen users. Is the consensus that it would be ok to use the ASA for that?

THANKS!
Yes!
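
The setup discussed in this thread (ASA as the ISP gateway, one forwarded port, and a backup ISP link that takes over only when the primary fails) could look like the following. This is an added example, not configuration posted by anyone in the thread or taken from the linked Cisco document. It assumes ASA software 8.3 or later (object NAT syntax), interfaces already named `inside`, `outside` and `backup`, and constructed addresses from documentation ranges.

```cisco
! Added example; all names and addresses below are constructed assumptions.
! Inside users share the interface address of whichever ISP link is in use.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network INSIDE-NET-BACKUP
 subnet 192.168.1.0 255.255.255.0
 nat (inside,backup) dynamic interface
!
! Forward a single port (TCP 443) from the outside interface to one host.
object network WEB-SERVER
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 443 443
!
! Permit only the forwarded port inbound; everything else is denied by
! the implicit deny at the end of the access list. With 8.3+ syntax the
! ACL matches the real (inside) address of the server.
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq 443
access-group OUTSIDE-IN in interface outside
!
! Probe the primary ISP gateway with ICMP echo every 10 seconds.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Primary default route is installed only while the probe succeeds.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
! Backup default route has a worse metric, so it is used only on failover.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
```

This is failover, not load balancing: only one default route is active at a time, which matches the limits described in the thread. The inbound access list is the part an auditor will read first, so keep it to the specific ports and hosts that are actually forwarded.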