ASA5505 VPN firewall licensing

Hi All,

I need to place an order for an ASA 5505 VPN firewall this week (ASA5505-SEC-BUN-K9), detailed technical specifications here

This device supports 25 IPsec VPN peers. At the moment my server (Windows SBS 2003) is running in dual-NIC mode and also acts as a firewall and VPN gateway. I plan to convert the server to single-NIC mode and then place this device between the internet-router and the local LAN. And also configure this device to do VPN.

I want to know if I would need to purchase any client-side VPN license as well or any other sort of VPN license separately? I want to be able to use all VPN peers (incl 2 SSL and 25 IPSec peers).

Thanks,
Abid
Abid MuhammadIT ManagerAsked:
Who is Participating?
 
Marius GunnerudConnect With a Mentor Senior Systems EngineerCommented:
it depends on what you plan on using it for.  Will you be having any site to site VPNs set up? if so how many? Will you have any remote access VPN users connecting to this Firewall? if so, will you be using Anyconnect or the Cisco VPN client and how many do you expect to be using the remote VPN?  Will you be needing a DMZ? If so, you will need to make sure that the ASA has the Security Plus license installed (the 5505 does not support 3 VLANs when running the Base license) I believe the 5505 with 25 IPsec VPN peers is using the Security Plus license.  Will you need mobility clients (i.e. phones, iPads, Tabs...etc) to connect to the ASA?

bottom line is that you need to find out your exact requirements and then work from there.  If you just want to put a firewall between your server and the internet then the Base license is fine.  You will also need to figure out the number of IPsec VPN users (this includes site to site and remote access VPNs using the Cisco VPN Client), find the number of AnyConnect users if there will be any...etc.
0
 
Abid MuhammadIT ManagerAuthor Commented:
Thanks for the quick response - just checked that this bundle includes Security Plus:

ASA5505-SEC-BUN-K9 = Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

I have selected this device on the bases of what we need:

Support for site-to-site VPN in future (don't need it for now)
In the current setup usually 10-15 remote clients connect to the server via IPsec VPN, therefore 25 is a reasonable number considering future growth - I don't expect VPN users ever to go beyond 25
No DMZ required
Firewall and VPN throughput is reasonable
There are no VLANs in the current set up however the device supports up to 20

Going back to my question - if I buy this product would I need any more VPN license on top of the Security-Plus license which is already bundled in?
0
 
Marius GunnerudConnect With a Mentor Senior Systems EngineerCommented:
If those are your only requirements then you do not need any other licenses.
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

 
Abid MuhammadIT ManagerAuthor Commented:
Thanks for the clarification. Another question pops up from your earlier response. What VPN client would I need to install on the client machines and how would I obtain it?

Let me explain it - When I searched for Cisco VPN Client I got to this link which says that its end-of-life product. No download link is available either. The question is, would I still be able to get it for free? As I can't afford to spend more money on SSL VPN license or AnyConnect license.
0
 
Abid MuhammadIT ManagerAuthor Commented:
0
 
Abid MuhammadIT ManagerAuthor Commented:
Its becoming easier now - Found this:

"The Cisco® VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. This thin-design, IP Security (IPsec)-compliant implementation is available from Cisco.com for customers with Cisco SMARTnet® support, and is included free of charge with Cisco ASA 5500 Series security appliances and most Cisco PIX security appliances."
0
 
Marius GunnerudSenior Systems EngineerCommented:
Yes, You will either need a service contract with Cisco so you can download it from cisco.com, but it is also supplied on the CD that comes with the ASA that you purchased (or atleast it does when Cisco ships it).
0
 
Abid MuhammadIT ManagerAuthor Commented:
Hi MAG03,

Thanks for your help on this. Much appreciated!

I will close the ticket now.

Regards,
Abid
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.