
Cisco ASA 5505 - Maximum user support - Can it be used on my network?

Last Modified: 2012-06-27
Hello, We are running a 500 node network. We utilise three internet gateways, each of which has a dedicated internal firewall, Smoothwall Advanced, WatchGuard 5 series, and I am looking to replace an old Cisco box with a Cisco ASA 5505 model. The maximum users going through this unit would be in the region of 200 via a proxy server or, if possible, set up the 5505 to act as an HTTP proxy. All I need it to do is act as a firewall and allow these users to access the web for day-to-day tasks. A DMZ is required and this unit is capable of that as well as basic VPN connectivity. Although designed for small business, would it be possible to use the 5505 in this setting? Will it handle the traffic requirements? Money is very tight so spending more than £800 is going to be difficult. Throughput is around 150 Mbps which I think is enough but I could be wrong.

Regards, Aelara

Svet Paperov, IT Manager

Commented:
The 5505 has a lot of limitations and I am not sure that you will be able to set it up in that way. For example, if I remember correctly, it supports DMZ by VLANs but you cannot connect from one VLAN to the other.

I suggest you check the basic version of the 5510. It's under $1000 in the US and it's a full-featured firewall.
Don Johnston, Instructor

Commented:
There is an unlimited user license for the 5505 so you could make it work. But for that many users, I would go with a 5510.

Author

Commented:
Thanks for the info. Looking at it again, would the following product not do the same job? I could take advantage of Windows server technology within our organisation to handle any shortcomings it may have.

http://www.dabs.com/products/cisco-887-adsl2-2--annex-a-security-router-w--adv-ip-7265.html?q=adsl%202%20router

Thanks, Aelara

Author

Commented:
Can I also add that port forwarding is something I am happy with instead of a dedicated DMZ. Our network is mid size with 500 hosts. Am I wrong or is a DMZ essential? All servers are always patched and all unnecessary ports closed on each server. I know I am deviating slightly but depending on what the experts advise I may opt for the Cisco router in the post above and simply port forward. It seems to do most of what the ASA 5505/5510 can do in relation to firewall and VPN.

Thanks, Aelara.
Svet Paperov, IT Manager

Commented:
The Cisco 887 is a router with some security features but it is not a firewall. Theoretically, someone could replace a firewall with a router-only configuration, but not with so many users. Your network is not so small; 500 hosts is the upper limit for Microsoft’s definition of a medium size network.

I will definitely go with the 5510; even more, I would go for the Security license – it gives more features and 1 Gbps network ports.

Finally, you already need a DMZ; at some point in the future you will decide to implement VPN, multiple contexts, etc. So, you will end up paying much more.

Author

Commented:
Thanks. One last question on the Cisco ASA 5505 before accepting a solution. We have an older 5505 which runs software version 7.2. The latest is 8.3 I think. We don't have a support contract with Cisco. Assuming we bought the 5510, can the 5505 be used in a secondary role running 7.2? Is it safe enough or have newer versions plugged known holes?

In other words is firmware version 7.2 still ok to use on the 5505 as a firewall device?

Thanks. Aelara.

Author

Commented:
We have an independent network on a separate VLAN, 20 users. We need the 5505 running 7.2 to act as a firewall and provide VPN access to 8 of those users. The license we have is for 20 internal hosts and 50 VPN users. We will purchase the 5510 for the main network as per your recommendation that will sit beside the WatchGuard unit and Smoothwall Advanced firewall.

Many Thanks, Aelara.
Svet Paperov, IT Manager

Commented:
Sounds OK