Solved

ASA5505 VPN firewall licensing

Posted on 2013-05-13
8
579 Views
Last Modified: 2013-05-14
Hi All,

I need to place an order for an ASA 5505 VPN firewall this week (ASA5505-SEC-BUN-K9), detailed technical specifications here

This device supports 25 IPsec VPN peers. At the moment my server (Windows SBS 2003) is running in dual-NIC mode and also acts as a firewall and VPN gateway. I plan to convert the server to single-NIC mode and then place this device between the internet-router and the local LAN. And also configure this device to do VPN.

I want to know if I would need to purchase any client-side VPN license as well or any other sort of VPN license separately? I want to be able to use all VPN peers (incl 2 SSL and 25 IPSec peers).

Thanks,
Abid
0
Comment
Question by:AbXd
  • 5
  • 3
8 Comments
 
LVL 17

Accepted Solution

by:
MAG03 earned 500 total points
ID: 39160956
it depends on what you plan on using it for.  Will you be having any site to site VPNs set up? if so how many? Will you have any remote access VPN users connecting to this Firewall? if so, will you be using Anyconnect or the Cisco VPN client and how many do you expect to be using the remote VPN?  Will you be needing a DMZ? If so, you will need to make sure that the ASA has the Security Plus license installed (the 5505 does not support 3 VLANs when running the Base license) I believe the 5505 with 25 IPsec VPN peers is using the Security Plus license.  Will you need mobility clients (i.e. phones, iPads, Tabs...etc) to connect to the ASA?

bottom line is that you need to find out your exact requirements and then work from there.  If you just want to put a firewall between your server and the internet then the Base license is fine.  You will also need to figure out the number of IPsec VPN users (this includes site to site and remote access VPNs using the Cisco VPN Client), find the number of AnyConnect users if there will be any...etc.
0
 

Author Comment

by:AbXd
ID: 39161009
Thanks for the quick response - just checked that this bundle includes Security Plus:

ASA5505-SEC-BUN-K9 = Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

I have selected this device on the bases of what we need:

Support for site-to-site VPN in future (don't need it for now)
In the current setup usually 10-15 remote clients connect to the server via IPsec VPN, therefore 25 is a reasonable number considering future growth - I don't expect VPN users ever to go beyond 25
No DMZ required
Firewall and VPN throughput is reasonable
There are no VLANs in the current set up however the device supports up to 20

Going back to my question - if I buy this product would I need any more VPN license on top of the Security-Plus license which is already bundled in?
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 500 total points
ID: 39161014
If those are your only requirements then you do not need any other licenses.
0
 

Author Comment

by:AbXd
ID: 39161741
Thanks for the clarification. Another question pops up from your earlier response. What VPN client would I need to install on the client machines and how would I obtain it?

Let me explain it - When I searched for Cisco VPN Client I got to this link which says that its end-of-life product. No download link is available either. The question is, would I still be able to get it for free? As I can't afford to spend more money on SSL VPN license or AnyConnect license.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:AbXd
ID: 39161851
0
 

Author Comment

by:AbXd
ID: 39161915
Its becoming easier now - Found this:

"The Cisco® VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. This thin-design, IP Security (IPsec)-compliant implementation is available from Cisco.com for customers with Cisco SMARTnet® support, and is included free of charge with Cisco ASA 5500 Series security appliances and most Cisco PIX security appliances."
0
 
LVL 17

Expert Comment

by:MAG03
ID: 39162295
Yes, You will either need a service contract with Cisco so you can download it from cisco.com, but it is also supplied on the CD that comes with the ASA that you purchased (or atleast it does when Cisco ships it).
0
 

Author Comment

by:AbXd
ID: 39163820
Hi MAG03,

Thanks for your help on this. Much appreciated!

I will close the ticket now.

Regards,
Abid
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now