Link to home
Start Free TrialLog in
Avatar of mikey250
mikey250

asked on

asa or pix advice

hi I am going to be setting up a windows 2008 network via a cisco 2950 and wanted to know which asa I should choose as I have been looking on ebay as below url:

http://www.ebay.co.uk/sch/Enterprise-Networking-Servers-/175698/i.html?_from=R40&_nkw=asa+firewall&_sop=2

question 1.  the max I can afford is £160 but not sure which firewall device to choose can anyone advise ?

or

http://www.ebay.co.uk/itm/Cisco-ASA-5505-Unlimited-User-Firewall-Router-ASA5505-UL-BUN-K9-IPsec-VPN-EXC-/141156704903?pt=US_Firewall_VPN_Devices&hash=item20dd986287

question 2.  is the asa firewall compatible with my virgin media vmdg485 router, which I currently set to 'modem/enable' providing me with a public ip address that changes every few months or so, just for testing purposes -  instead of using the normal built-in dhcp feature  ?

note:  I tried to configure my cisco pix 837 with my virgin media router but cannot seem to get the 'wan' connection up via command line as the pix is specifically for an 'adsl' link.
Avatar of Matt V
Matt V
Flag of Canada image

I don't think there is such a thing as a PIX 837.. Sounds like you have a Cisco 837 DSL Router.

That being said, the ASA should not care what your actual Internet connection is, it uses Ethernet ports to connect inline where you need it.

You should have no issues setting up an ASA to get the IP from the virgin media router.
Avatar of mikey250
mikey250

ASKER

ok, but what about my 2 x url links, as I am not sure which asa is better than the other  ?
Sorry, no access to E-Bay from work.  Hopefully someone else can answer that question for you.
ASKER CERTIFIED SOLUTION
Avatar of Henk van Achterberg
Henk van Achterberg
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi henk van achterberg, yes I have been trying to get hold of the 'unlimited' as it appears to have extra features I think  ie attached voip etc
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi henk, thanks for replying back, appreciated!!

so just to clarify:  yes I can see the below 10, 50 & unlimited as below:

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

cisco asa 5505 appliance with 50-user firewall license, 8 fe
asa5505-50-bun-k9

cisco asa 5505 appliance with sw, unlimited users, 8 fe
asa5505-ul-bun-k9

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

question 1.  what does the (sw) stand for as above ?

question 2.  I usually use my firewall isa 2006/external nic that plugs directly into my virgin media router set as: 'modem/enable' providing me a temporary public ip address is my usual method.... but as I wish to buy an 'asa firewall', I will have to use my cisco 2950, which ((I assume may need trunking port enabled)), so I assume the following is required:  ?

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

question 3.  regarding the vpn (anyconnect & uc proxy & other add on licenses, I assume these can be purchased separately on (any of the above)  ?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi henk,

it appears from your comments that just purchasing the below is sufficient: ?

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

at the moment all I currently wish to do is setup 1 internal domain network, allowing internet access..& a single exchange server 2007 or 2010/13.

and in order to allow users to login the network from home I will use this 'anyconnect' to allow a remote secure vpn according to reading on google.

I wonder what it costs to add 'anyconnect' to asa5505 to allow the remote vpn  ?

I assume when my network may wish to connect to multiple different networks on different
'public ip addresses' is what you mean by 'multiple zones' and enable trunk on the cisco 2950 port  ?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ok thanks for that useful info.  I have looked at your site and found that link.

much appreciated!
could I ask one question about my cisco 837 pix..:)

as my cisco 837 pix is originally for an adsl link, I was told if I configure the command line manually, I could then enable the 'wan' connection, do you know how  ?

I was told a while ago that I would have to enable a 'vlan' connection for this to turn the layer 2 switchport to a wan connection, but I have not gone back to attempt this yet.
I have also recourse I am able to share on personal basis but I can not put it on the public internet. If you are interested just send me a mail.
I think your question regarding your router (not pix) is for another topic :) including what you want exactly and how.
hi ok I will email you making reference to where we spoke.  appreciated.

I will do that right now.
hi I have just sent you an email.
due to the answers provided I thought it was right to allocate all points.  much appreciated.