[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2265
  • Last Modified:

Using a Cisco ASA 5505 as a router

I'm a total newbie when it comes to firewalls. Could I also use a Cisco ASA 5505 as my router, or do I need another router? I'm sure you need more details, feel free to ask.

All i really need to do is get my auditors off my back and have the ability to open and forward some ports.

Thanks in advance.
0
rd740
Asked:
rd740
1 Solution
 
bkepfordCommented:
Firewalls will not do any advanced routing functions.
With that said yes you can use your ASA5505 as your router if it just a matter of a default route to your ISP.
0
 
bkepfordCommented:
PS Advanced NAT translations and port forwarding is right up an ASAs alley so you should be fine.
0
 
decoleurCommented:
bkepford, when you say firewalls cannot do any advanced routing functions what doe s that mean?

if you have an isp handing off a single ethernet interface and one or more public ip address for your organization you can use an ASA as your perimeter device. the ASA 5505 also can use a second ISP interface as a backup internet path.

Although you can get routers with a firewall feature set on them, they are really not designed to act primarily as security endpoints so if you compare the costs you will be able to get more security features from a firewall at a lower price than you would from a router with a security focused OS.

hope this helps,

-t

FWIW look at the 5505 for an office with less than 10 users it is really meant for soho applications.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bkepfordCommented:
Not saying that I know everything so I always welcome someone to correct me. So if any of my explanations are not correct please feel free to correct me.
The ASA can take in routing information from a dynamic routing protocol and do basic default route metric munipulation allowing one connection be prefered over the other. But when it comes to saying this kind of traffic goes this way and that kind of traffic goes that way and source specific routing. These things are beyond an ASAs decision making as far as I know.  
Say in the same scenario you have up there could you load balance between those two connections?
 
 
0
 
decoleurCommented:
far enough, i was under the impression that you might be able to take advantage of the modular policy framework to manipulate routing but it appears that PBR is relegated to IOS on routers and switches...

I wouldn't say we were load balancinf between two sites but using one as a primary egress with a second available should the primary go down. a good example of this is found in the "ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example" from http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

hope this helps clear things up, sorry to get off topic. Just trying to flush out my understanding.

-t
0
 
devangshroffCommented:
ASA can do routing , but it do nit have that much intelligence to do routing as a router .
0
 
rd740Author Commented:
Thanks for the input guys. I really just need the ASA 5505 to be the gateway to my isp and open and forward a handful of ports for about a dozen users. Is the consensus that it would be ok to use the ASA for that?

THANKS!
0
 
bkepfordCommented:
Yes!
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now