?
Solved

ASA5505 VPN firewall licensing

Posted on 2013-05-13
8
Medium Priority
?
626 Views
Last Modified: 2013-05-14
Hi All,

I need to place an order for an ASA 5505 VPN firewall this week (ASA5505-SEC-BUN-K9), detailed technical specifications here

This device supports 25 IPsec VPN peers. At the moment my server (Windows SBS 2003) is running in dual-NIC mode and also acts as a firewall and VPN gateway. I plan to convert the server to single-NIC mode and then place this device between the internet-router and the local LAN. And also configure this device to do VPN.

I want to know if I would need to purchase any client-side VPN license as well or any other sort of VPN license separately? I want to be able to use all VPN peers (incl 2 SSL and 25 IPSec peers).

Thanks,
Abid
0
Comment
Question by:Abid Muhammad
  • 5
  • 3
8 Comments
 
LVL 17

Accepted Solution

by:
Marius Gunnerud earned 1500 total points
ID: 39160956
it depends on what you plan on using it for.  Will you be having any site to site VPNs set up? if so how many? Will you have any remote access VPN users connecting to this Firewall? if so, will you be using Anyconnect or the Cisco VPN client and how many do you expect to be using the remote VPN?  Will you be needing a DMZ? If so, you will need to make sure that the ASA has the Security Plus license installed (the 5505 does not support 3 VLANs when running the Base license) I believe the 5505 with 25 IPsec VPN peers is using the Security Plus license.  Will you need mobility clients (i.e. phones, iPads, Tabs...etc) to connect to the ASA?

bottom line is that you need to find out your exact requirements and then work from there.  If you just want to put a firewall between your server and the internet then the Base license is fine.  You will also need to figure out the number of IPsec VPN users (this includes site to site and remote access VPNs using the Cisco VPN Client), find the number of AnyConnect users if there will be any...etc.
0
 

Author Comment

by:Abid Muhammad
ID: 39161009
Thanks for the quick response - just checked that this bundle includes Security Plus:

ASA5505-SEC-BUN-K9 = Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

I have selected this device on the bases of what we need:

Support for site-to-site VPN in future (don't need it for now)
In the current setup usually 10-15 remote clients connect to the server via IPsec VPN, therefore 25 is a reasonable number considering future growth - I don't expect VPN users ever to go beyond 25
No DMZ required
Firewall and VPN throughput is reasonable
There are no VLANs in the current set up however the device supports up to 20

Going back to my question - if I buy this product would I need any more VPN license on top of the Security-Plus license which is already bundled in?
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1500 total points
ID: 39161014
If those are your only requirements then you do not need any other licenses.
0
Rewarding opportunities for women in IT

Across the nation, technology jobs are vacant because there aren’t enough qualified professionals to fill them. With a degree from WGU, you can get the credentials it takes to become an in-demand IT professional. Plus, WGU’s IT programs include industry certifications.

 

Author Comment

by:Abid Muhammad
ID: 39161741
Thanks for the clarification. Another question pops up from your earlier response. What VPN client would I need to install on the client machines and how would I obtain it?

Let me explain it - When I searched for Cisco VPN Client I got to this link which says that its end-of-life product. No download link is available either. The question is, would I still be able to get it for free? As I can't afford to spend more money on SSL VPN license or AnyConnect license.
0
 

Author Comment

by:Abid Muhammad
ID: 39161915
Its becoming easier now - Found this:

"The Cisco® VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. This thin-design, IP Security (IPsec)-compliant implementation is available from Cisco.com for customers with Cisco SMARTnet® support, and is included free of charge with Cisco ASA 5500 Series security appliances and most Cisco PIX security appliances."
0
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 39162295
Yes, You will either need a service contract with Cisco so you can download it from cisco.com, but it is also supplied on the CD that comes with the ASA that you purchased (or atleast it does when Cisco ships it).
0
 

Author Comment

by:Abid Muhammad
ID: 39163820
Hi MAG03,

Thanks for your help on this. Much appreciated!

I will close the ticket now.

Regards,
Abid
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question