[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASA5505 VPN firewall licensing

Posted on 2013-05-13
8
Medium Priority
?
616 Views
Last Modified: 2013-05-14
Hi All,

I need to place an order for an ASA 5505 VPN firewall this week (ASA5505-SEC-BUN-K9), detailed technical specifications here

This device supports 25 IPsec VPN peers. At the moment my server (Windows SBS 2003) is running in dual-NIC mode and also acts as a firewall and VPN gateway. I plan to convert the server to single-NIC mode and then place this device between the internet-router and the local LAN. And also configure this device to do VPN.

I want to know if I would need to purchase any client-side VPN license as well or any other sort of VPN license separately? I want to be able to use all VPN peers (incl 2 SSL and 25 IPSec peers).

Thanks,
Abid
0
Comment
Question by:Abid Muhammad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 17

Accepted Solution

by:
Marius Gunnerud earned 1500 total points
ID: 39160956
it depends on what you plan on using it for.  Will you be having any site to site VPNs set up? if so how many? Will you have any remote access VPN users connecting to this Firewall? if so, will you be using Anyconnect or the Cisco VPN client and how many do you expect to be using the remote VPN?  Will you be needing a DMZ? If so, you will need to make sure that the ASA has the Security Plus license installed (the 5505 does not support 3 VLANs when running the Base license) I believe the 5505 with 25 IPsec VPN peers is using the Security Plus license.  Will you need mobility clients (i.e. phones, iPads, Tabs...etc) to connect to the ASA?

bottom line is that you need to find out your exact requirements and then work from there.  If you just want to put a firewall between your server and the internet then the Base license is fine.  You will also need to figure out the number of IPsec VPN users (this includes site to site and remote access VPNs using the Cisco VPN Client), find the number of AnyConnect users if there will be any...etc.
0
 

Author Comment

by:Abid Muhammad
ID: 39161009
Thanks for the quick response - just checked that this bundle includes Security Plus:

ASA5505-SEC-BUN-K9 = Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

I have selected this device on the bases of what we need:

Support for site-to-site VPN in future (don't need it for now)
In the current setup usually 10-15 remote clients connect to the server via IPsec VPN, therefore 25 is a reasonable number considering future growth - I don't expect VPN users ever to go beyond 25
No DMZ required
Firewall and VPN throughput is reasonable
There are no VLANs in the current set up however the device supports up to 20

Going back to my question - if I buy this product would I need any more VPN license on top of the Security-Plus license which is already bundled in?
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1500 total points
ID: 39161014
If those are your only requirements then you do not need any other licenses.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Author Comment

by:Abid Muhammad
ID: 39161741
Thanks for the clarification. Another question pops up from your earlier response. What VPN client would I need to install on the client machines and how would I obtain it?

Let me explain it - When I searched for Cisco VPN Client I got to this link which says that its end-of-life product. No download link is available either. The question is, would I still be able to get it for free? As I can't afford to spend more money on SSL VPN license or AnyConnect license.
0
 

Author Comment

by:Abid Muhammad
ID: 39161915
Its becoming easier now - Found this:

"The Cisco® VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. This thin-design, IP Security (IPsec)-compliant implementation is available from Cisco.com for customers with Cisco SMARTnet® support, and is included free of charge with Cisco ASA 5500 Series security appliances and most Cisco PIX security appliances."
0
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 39162295
Yes, You will either need a service contract with Cisco so you can download it from cisco.com, but it is also supplied on the CD that comes with the ASA that you purchased (or atleast it does when Cisco ships it).
0
 

Author Comment

by:Abid Muhammad
ID: 39163820
Hi MAG03,

Thanks for your help on this. Much appreciated!

I will close the ticket now.

Regards,
Abid
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question