Solved

ASA5505 VPN firewall licensing

Posted on 2013-05-13
8
589 Views
Last Modified: 2013-05-14
Hi All,

I need to place an order for an ASA 5505 VPN firewall this week (ASA5505-SEC-BUN-K9), detailed technical specifications here

This device supports 25 IPsec VPN peers. At the moment my server (Windows SBS 2003) is running in dual-NIC mode and also acts as a firewall and VPN gateway. I plan to convert the server to single-NIC mode and then place this device between the internet-router and the local LAN. And also configure this device to do VPN.

I want to know if I would need to purchase any client-side VPN license as well or any other sort of VPN license separately? I want to be able to use all VPN peers (incl 2 SSL and 25 IPSec peers).

Thanks,
Abid
0
Comment
Question by:AbXd
  • 5
  • 3
8 Comments
 
LVL 17

Accepted Solution

by:
MAG03 earned 500 total points
ID: 39160956
it depends on what you plan on using it for.  Will you be having any site to site VPNs set up? if so how many? Will you have any remote access VPN users connecting to this Firewall? if so, will you be using Anyconnect or the Cisco VPN client and how many do you expect to be using the remote VPN?  Will you be needing a DMZ? If so, you will need to make sure that the ASA has the Security Plus license installed (the 5505 does not support 3 VLANs when running the Base license) I believe the 5505 with 25 IPsec VPN peers is using the Security Plus license.  Will you need mobility clients (i.e. phones, iPads, Tabs...etc) to connect to the ASA?

bottom line is that you need to find out your exact requirements and then work from there.  If you just want to put a firewall between your server and the internet then the Base license is fine.  You will also need to figure out the number of IPsec VPN users (this includes site to site and remote access VPNs using the Cisco VPN Client), find the number of AnyConnect users if there will be any...etc.
0
 

Author Comment

by:AbXd
ID: 39161009
Thanks for the quick response - just checked that this bundle includes Security Plus:

ASA5505-SEC-BUN-K9 = Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

I have selected this device on the bases of what we need:

Support for site-to-site VPN in future (don't need it for now)
In the current setup usually 10-15 remote clients connect to the server via IPsec VPN, therefore 25 is a reasonable number considering future growth - I don't expect VPN users ever to go beyond 25
No DMZ required
Firewall and VPN throughput is reasonable
There are no VLANs in the current set up however the device supports up to 20

Going back to my question - if I buy this product would I need any more VPN license on top of the Security-Plus license which is already bundled in?
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 500 total points
ID: 39161014
If those are your only requirements then you do not need any other licenses.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:AbXd
ID: 39161741
Thanks for the clarification. Another question pops up from your earlier response. What VPN client would I need to install on the client machines and how would I obtain it?

Let me explain it - When I searched for Cisco VPN Client I got to this link which says that its end-of-life product. No download link is available either. The question is, would I still be able to get it for free? As I can't afford to spend more money on SSL VPN license or AnyConnect license.
0
 

Author Comment

by:AbXd
ID: 39161851
0
 

Author Comment

by:AbXd
ID: 39161915
Its becoming easier now - Found this:

"The Cisco® VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. This thin-design, IP Security (IPsec)-compliant implementation is available from Cisco.com for customers with Cisco SMARTnet® support, and is included free of charge with Cisco ASA 5500 Series security appliances and most Cisco PIX security appliances."
0
 
LVL 17

Expert Comment

by:MAG03
ID: 39162295
Yes, You will either need a service contract with Cisco so you can download it from cisco.com, but it is also supplied on the CD that comes with the ASA that you purchased (or atleast it does when Cisco ships it).
0
 

Author Comment

by:AbXd
ID: 39163820
Hi MAG03,

Thanks for your help on this. Much appreciated!

I will close the ticket now.

Regards,
Abid
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Let’s list some of the technologies that enable smooth teleworking. 
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question