• Status: Solved

Cisco ASA 5505 - Maximum user support - Can it be used on my network?

Hello, We are running a 500 node network. We utilise three internet gateways, each of which has a dedicated internal firewall: Smoothwall Advanced, WatchGuard 5 series, and I am looking to replace an old Cisco box with a Cisco ASA 5505 model. The maximum users going through this unit would be in the region of 200 via a proxy server or, if possible, set up the 5505 to act as an HTTP proxy. All I need it to do is act as a firewall and allow these users to access the web for day-to-day tasks. A DMZ is required and this unit is capable of that as well as basic VPN connectivity. Although designed for small business, would it be possible to use the 5505 in this setting? Will it handle the traffic requirements? Money is very tight so spending more than £800 is going to be difficult. Throughput is around 150 Mbps, which I think is enough, but I could be wrong.

Regards, Aelara
 
Svet Paperov (IT Manager) commented:
The 5505 has a lot of limitations and I am not sure that you will be able to set it up in that way. For example, if I remember correctly, it supports DMZ by VLANs but you cannot connect from one VLAN to the other.

I suggest you check the basic version of the 5510. It's under $1000 in the US and it's a full-featured firewall.
 
Don Johnston (Instructor) commented:
There is an unlimited user license for the 5505 so you could make it work. But for that many users, I would go with a 5510.
 
Aelara (Author) commented:
Thanks for the info. Looking at it again, would the following product not do the same job? I could take advantage of Windows server technology within our organisation to handle any shortcomings it may have.

http://www.dabs.com/products/cisco-887-adsl2-2--annex-a-security-router-w--adv-ip-7265.html?q=adsl%202%20router

Thanks, Aelara
 
Aelara (Author) commented:
Can I also add that port forwarding is something I am happy with instead of a dedicated DMZ. Our network is mid-size with 500 hosts. Am I wrong or is a DMZ essential? All servers are always patched and all unnecessary ports closed on each server. I know I am deviating slightly, but depending on what the experts advise I may opt for the Cisco router in the post above and simply port forward. It seems to do most of what the ASA 5505/5510 can do in relation to firewall and VPN.

Thanks, Aelara.
 
Svet Paperov (IT Manager) commented:
The Cisco 887 is a router with some security features but it is not a firewall. Theoretically, someone could replace a firewall with a router-only configuration, but not with so many users. Your network is not so small; 500 hosts is the upper limit for Microsoft’s definition of a medium-size network.

I will definitely go with the 5510; even more, I would go for the Security license – it gives more features and 1 Gbps network ports.

Finally, you already need a DMZ; at some point in the future you will decide to implement VPN, multiple contexts, etc. So, you will end up paying much more.
 
Aelara (Author) commented:
Thanks. One last question on the Cisco ASA 5505 before accepting a solution. We have an older 5505 which runs software version 7.2. The latest is 8.3, I think. We don't have a support contract with Cisco. Assuming we bought the 5510, can the 5505 be used in a secondary role running 7.2? Is it safe enough or have newer versions plugged known holes?

In other words is firmware version 7.2 still ok to use on the 5505 as a firewall device?

Thanks. Aelara.
 
Svet Paperov (IT Manager) commented:
Yes, it’s safe. It depends what you are planning to do with it.  

However, beware that Cisco has changed the syntax of many commands in 8.3 while the syntax of 8.2 is the same as 7.x. Personally, I’ve downgraded my 5510 from 8.3 to 8.2 because I’ve been lost in the new CLI commands.
 
Aelara (Author) commented:
We have an independent network on a separate VLAN, 20 users. We need the 5505 running 7.2 to act as a firewall and provide VPN access to 8 of those users. The license we have is for 20 internal hosts and 50 VPN users. We will purchase the 5510 for the main network as per your recommendation; it will sit beside the WatchGuard unit and Smoothwall Advanced firewall.

Many Thanks, Aelara.
 
Svet Paperov (IT Manager) commented:
Sounds OK