Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco ASA5500 - Best model for out business

Posted on 2011-03-19
6
Medium Priority
?
585 Views
Last Modified: 2013-11-29
Experts –

I like to purchase a Cisco ASA5500 device and would like some advice which model and modules will fit best to my needs.
This is the environment it will be implemented in:

LAN Connection:                  GB Switch
Internet Connection:                   100 MB UP / DOWN
Max User connecting to internet:                            50
Max VPN Users:                  10
Max Site to Site VPN connection:                              2
Web Hosting Server:                  1 (Hosting a small website, very low traffic)
High Availability:                  Not Needed

I am looking for maximum security und throughput, so I am not sure what model & module would fit best? I assume either the 5510 or 5520 are sufficient? For the modules I was looking at the IPS and the content security expansions but I am not sure which will provide better security.
Will GB ports on the firewall make a difference in overall speed? Or is 100MB port good enough? Also how much memory should it have?

Please let me know if you need more information’s,

0
Comment
Question by:Martin Gerlach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 35171939
I would go with the 5510 SecurityPlus bundle, the 5520 would probably be way overkill for what you describe.
ASA5510-SEC-BUN-K9
The Sec bundle gives you GB interfaces for throughput between LAN and say, DMZ interfaces, or at least a gig connection to the LAN switch and you can VLAN subinterface if needed without sacraficing anything.
The default 1G memory that comes with the bundle should be more than adequate.

To be honest with you, I don't put a lot of effort into the IPS or Content security modules. I've not seen the IPS module actually do anything except aggravate troubleshooting. The Content security module requires annual license subscription and does some basic web content filtering and in-line Anti-virus, but reports are almost non existent. IMHO, neither adds to your "security". Security is a process and 90% of it is policy driven and end-user education. There are other, better, products for web content like the Ironport, WebSense, iPrism, etc.
0
 

Author Comment

by:Martin Gerlach
ID: 35172058
Can I add the AIP-SSM-10 module to the ASA5510-SEC-BUN-K9? I can't find the SEC bundle incluing the AIP card?  
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 35172563
There is a bundle with both
ASA5510-AIP10SP-K9  ASA 5510 with AIP-SSM-10, 2GE+3FE, SW, HA,3DES/AES, SEC PLUS  
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Author Comment

by:Martin Gerlach
ID: 35172626
Cool. What Ironport model would you recommand to look into for our inviorment?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 35172857
Low end S160
http://www.cisco.com/en/US/products/ps10609/index.html

Or iPrism, which I personally feel is a superior product, but the appliances go by throughput. If you really have 100M Internet, then it might get pricy..
http://www.edgewave.com/products/iprism/default.asp
0
 

Author Closing Comment

by:Martin Gerlach
ID: 35181686
Thanks for your help.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Check out what's been happening in the Experts Exchange community.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question