Cisco ASA 5505 Pre-Purchase Questions


I have a Pix 501 that I am thinking should get retired and upgrade to an ASA 5505.  Small shop of 10 computers four of which are servers.  I am looking at Ebay to save money (no deep pockets here !).

I am thinking of going with the security plus.  Why not ?  Better DMZ capabilities.  Might be over-kill in this situation but I would rather have the increased capabilities from the get go as it would probably be more expensive to add them later.  Agree ?

I think most of the 5505's come with 512 MB of RAM.  I have seen a couple at 1 GB.  Is 512 enough ?  I see you can buy DIMMs for these.  Has anyone every opened these up to add more memory ?  Flash seems to be 128 MB.

Anyone put a AIP-SSC-5 card in one of these ?  Looks like you can do a lot with it.  The $1200-1500 price tag is a little steep though.

Some listings have something like V09 when describing the product.  What exactly is that ?  Are there different iterations of the 5505 ?  I know it came out in 2006.

I see some Cisco routers or other gear have come out that they have privacy issues and auto-upgraded their firmware on them.  I have not heard that of this device.  Anyone heard similar comments of the 5505 ?

Anything you want to add go ahead.  I looked at SonicWall and WatchGuard but I don't know if I want a monthly fee for a firewall.  If I have problems programming I can get help so not afraid of working with the ASA.

Thanks for your assistance.  I am close to putting in an order !
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:

DMZ need, if you want to publis serveres to internet, but if you buy this license (GPL price 750USD) only 10 computer able to communicata through the ASA, if you want more computer you need 10-50 or 10-UL upgrade

512 MB RAM enough for the ASA, you not need more memory for the latast images....

If you buy AIP-SSC-5 you need to bus SUSA for it to download the news update from cisco, why do you want to use it?

Some devices caomses K8 images, they only accept DES, if you need 3DES (K9), you need a free license:

Yes, it has autoupdate feature:
Configuration > Device Management > System Image/Configuration > Auto Update

I like ASA, but, Sonicwall is cheaper

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pizzaman7ConsultantAuthor Commented:
AIP is going to be out of the question.  Can't afford it.  Looks cool but not a necessity.

I never paid for the Cisco Software Assurance program so that is why the Pix I have is pretty out-of-date.  If you do that the ASA will be pretty cheap compared to the SonicWall !  Perhaps I should buy it and do a better job keeping an ASA up-to-date.

I like the idea of programming a firewall myself and very big on privacy.  I don't know if I want the device tied closely to the manufacturer like SonicWall and WatchGuard seem to be to their devices.

Thank you for your good information.
pizzaman7ConsultantAuthor Commented:
After doing some shopping I am thinking that I will go with a base model. The base handles 100 Mbps and I am currently on 12 Mbps. The base handles quite a few simultaneous connections so even if my media server gets bombarded I should be fine. Having only 10 machines won't matter as they are not all running at the same time anyway.

I have to go to used unit to get a security plus license at a reasonable cost. A lot of sellers don't even know how old the units are and I am not comfortable taking a unit that might already have had a good amount of wear and tear. I will say that my Pix has been running 24x7x365 for seven years and may be I reset it 12 times in that span.

I can't see myself going to crazy with vlans or trunking. I can have a DMZ if I choose.

I might as well save the money and buy a new unit around $300 !
pizzaman7ConsultantAuthor Commented:
Thanks !
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.