Solved

asa or pix advice

Posted on 2014-01-15
17
497 Views
Last Modified: 2014-01-19
Hi, I am going to be setting up a Windows 2008 network via a Cisco 2950 and wanted to know which ASA I should choose, as I have been looking on eBay at the URL below:

http://www.ebay.co.uk/sch/Enterprise-Networking-Servers-/175698/i.html?_from=R40&_nkw=asa+firewall&_sop=2

Question 1. The max I can afford is £160, but I am not sure which firewall device to choose. Can anyone advise?

or

http://www.ebay.co.uk/itm/Cisco-ASA-5505-Unlimited-User-Firewall-Router-ASA5505-UL-BUN-K9-IPsec-VPN-EXC-/141156704903?pt=US_Firewall_VPN_Devices&hash=item20dd986287

Question 2. Is the ASA firewall compatible with my Virgin Media VMDG485 router, which I currently set to 'modem/enable', providing me with a public IP address that changes every few months or so, just for testing purposes, instead of using the normal built-in DHCP feature?

Note: I tried to configure my Cisco PIX 837 with my Virgin Media router but cannot seem to get the 'WAN' connection up via the command line, as the PIX is specifically for an 'ADSL' link.
0
Comment
Question by:mikey250
17 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39782694
I don't think there is such a thing as a PIX 837. Sounds like you have a Cisco 837 DSL Router.

That being said, the ASA should not care what your actual Internet connection is, it uses Ethernet ports to connect inline where you need it.

You should have no issues setting up an ASA to get the IP from the virgin media router.
0
 

Author Comment

by:mikey250
ID: 39782762
OK, but what about my 2 x URL links, as I am not sure which ASA is better than the other?
0
 
LVL 22

Expert Comment

by:Matt V
ID: 39782854
Sorry, no access to eBay from work. Hopefully someone else can answer that question for you.
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
ID: 39790386
The ASA 5505 is the only option you have for that price. Please be sure to select the right model (10 user, 50 user or unlimited).
0
 

Author Comment

by:mikey250
ID: 39790423
Hi Henk van Achterberg, yes, I have been trying to get hold of the 'unlimited' as it appears to have extra features, I think, i.e. attached VoIP etc.
0
 
LVL 12

Assisted Solution

by:Henk van Achterberg
Henk van Achterberg earned 500 total points
ID: 39791085
You have two types of licenses: the base license (with 10, 50 and unlimited users) and the Security Plus license (allows the use of trunk ports and more security zones).

On top of those licenses, you have VPN (AnyConnect), UC Proxy and other add-on licenses.
0
 

Author Comment

by:mikey250
ID: 39792214
Hi Henk, thanks for replying back, appreciated!!

So just to clarify: yes, I can see the 10, 50 & unlimited as below:

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

cisco asa 5505 appliance with 50-user firewall license, 8 fe
asa5505-50-bun-k9

cisco asa 5505 appliance with sw, unlimited users, 8 fe
asa5505-ul-bun-k9

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

Question 1. What does the (sw) stand for, as above?

Question 2. My usual method is to use my firewall ISA 2006/external NIC, which plugs directly into my Virgin Media router set as 'modem/enable', providing me a temporary public IP address. But as I wish to buy an 'ASA firewall', I will have to use my Cisco 2950 (which I assume may need a trunking port enabled), so I assume the following is required?

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

Question 3. Regarding the VPN (AnyConnect), UC Proxy and other add-on licenses, I assume these can be purchased separately on any of the above?
0
 
LVL 12

Assisted Solution

by:Henk van Achterberg
Henk van Achterberg earned 500 total points
ID: 39792476
Question 1: It just stands for software. It is possible to buy an ASA 5505 without software (empty flash). If that is the case, you should TFTP your own software to it.

Question 2: If you WANT to use multiple zones and TRUNK those over one cable, you need the Security Plus. If you just want inside/outside and a restricted DMZ, then you do not need the Plus variant.

Question 3: That is correct.

I have made some extensive documentation regarding the ASA that I cannot share on the web but can share with you personally. I am at www.vanachterberg.org.
0

 

Author Comment

by:mikey250
ID: 39792510
Hi Henk,

It appears from your comments that just purchasing the below is sufficient?

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

At the moment all I currently wish to do is set up 1 internal domain network, allowing internet access, and a single Exchange Server 2007 or 2010/13.

And in order to allow users to log in to the network from home, I will use this 'AnyConnect' to allow a remote secure VPN, according to reading on Google.

I wonder what it costs to add 'AnyConnect' to the ASA5505 to allow the remote VPN?

I assume when my network may wish to connect to multiple different networks on different 'public IP addresses' is what you mean by 'multiple zones' and enabling trunk on the Cisco 2950 port?
0
 
LVL 12

Assisted Solution

by:Henk van Achterberg
Henk van Achterberg earned 500 total points
ID: 39792526
You are right about almost everything. You can look for AnyConnect Essentials, which is only the AnyConnect client and NOT the SSL VPN web interface. This is around 60 dollars, I think.

I assume the 'multiple zones' is when more than one domain network is being linked together geographically & then using the 'trunk' connection would have to be enabled  ?

a zone is like a VLAN (a Virtual Local Access Network) so yes, multiple networks require a plus license. You have two fully functional networks in the base license and a "restricted" network, which means only traffic can be originated TO or FROM that network.

When using outside (internet) and inside (lan) you can use the base license.
0
 

Author Comment

by:mikey250
ID: 39792533
OK, thanks for that useful info. I have looked at your site and found that link.

Much appreciated!
0
 

Author Comment

by:mikey250
ID: 39792535
Could I ask one question about my Cisco 837 PIX? :)

As my Cisco 837 PIX is originally for an ADSL link, I was told that if I configure the command line manually, I could then enable the 'WAN' connection. Do you know how?

I was told a while ago that I would have to enable a 'VLAN' connection for this to turn the layer 2 switchport into a WAN connection, but I have not gone back to attempt this yet.
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39792537
I also have a resource I am able to share on a personal basis, but I cannot put it on the public internet. If you are interested, just send me a mail.
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39792540
I think your question regarding your router (not PIX) is for another topic :) including what you want exactly and how.
0
 

Author Comment

by:mikey250
ID: 39792546
Hi, OK, I will email you making reference to where we spoke. Appreciated.

I will do that right now.
0
 

Author Comment

by:mikey250
ID: 39792564
Hi, I have just sent you an email.
0
 

Author Closing Comment

by:mikey250
ID: 39792581
Due to the answers provided, I thought it was right to allocate all points. Much appreciated.
0
