Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 399
  • Last Modified:

CISCO ASA /PIX devices


This should be an easy question for firewall experts.

we have a 515e PIX that has 3 Physical interfaces (e0, e1 and e2). I assigned security levels to the interfaces. e0=0 e1=100 e2=10.

We are looking into replacing it with an ASA device.

(1) Which models would provide me with at least those 3 physical interfaces to configure those security zones?. . I get a little confused with some ASA models that come with switch ports integrated.

(2) You might also provide me with some basic "education"  about the physical and virtual interfaces on those devices.

Thanks
0
JohnRamz
Asked:
JohnRamz
  • 5
  • 4
1 Solution
 
Istvan KalmarHead of IT Security Division Commented:
The ASA and PIX ports configurable to subinterfaces, this means:
You able to make dot1q trunk to the switch, but is less secure than you separate it physycally
0
 
JohnRamzAuthor Commented:
So it  looks like 5510 and 5520 would provide me at least the same physical interfaces. Right?
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
JohnRamzAuthor Commented:
Would the 5505 also provide me with at least 3 physical interfaces? I do not care much about the extra security features. I just need at least to be able to configure the 3 Security Zones.

Thanks
0
 
Istvan KalmarHead of IT Security Division Commented:
yes, but if you want gigabitethernet buy 5520, if you want 5 fastethernet on 5510 buy ASA 5510 Firewall Edition Bundle
0
 
JohnRamzAuthor Commented:
What about 5505?
0
 
JohnRamzAuthor Commented:
Anybody else out there that could tell me if the 5505 model would work to configure at least 3 physical interfaces with different security levels? Thanks
0
 
Istvan KalmarHead of IT Security Division Commented:
HI,

If you buy 5505, you able to configure 3 security level, becouse it has restricted licence, it means the third zone only one direction can be make traffic!!!!

If you want all zone traffic you must buy ASA5505-SEC-BUN-K9

Cisco ASA 5505 Firewall Edition Unlimited-user Security Plus, 8-port Fast Ethernet switch, 25 IPsec VPN and 2 SSL VPN peers, DMZ, stateless Active/Standby
high availability, 3DES/AES
0
 
ForsakenSACommented:
Yes the ASA 5505 will work.  I would suggest buying the security plus add-on.

Here is some info from Cisco.

The Cisco ASA 5505 features a flexible 8-port 10/100 Fast Ethernet switch, whose ports can be dynamically grouped to create up to three separate VLANs for home, business, and Internet traffic for improved network segmentation and security.  

You could seperate the VLANs to be DMZ, LAN and Internet.

Continuing on:

As business needs grow, customers can install a Security Plus upgrade license, enabling the Cisco ASA 5505 to scale to support a higher connection capacity and up to 25 IPsec VPN users, add full DMZ support, and integrate into switched network environments through VLAN trunking support.

This just means you can actually extend the DMZ into you LAN by using Vlanning.  This will depend how your DMZ setup is at the moment and how many devices are connected?  Seperate switch, single device?

Basically with Vlanning you can have multiple virtual networks over a singal physical network.  

I hope this helps.
0
 
JohnRamzAuthor Commented:
Thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now