ASA or PIX advice

Hi, I am going to be setting up a Windows 2008 network via a Cisco 2950 and wanted to know which ASA I should choose, as I have been looking on eBay at the URL below:

http://www.ebay.co.uk/sch/Enterprise-Networking-Servers-/175698/i.html?_from=R40&_nkw=asa+firewall&_sop=2

Question 1. The max I can afford is £160, but I am not sure which firewall device to choose. Can anyone advise?

or

http://www.ebay.co.uk/itm/Cisco-ASA-5505-Unlimited-User-Firewall-Router-ASA5505-UL-BUN-K9-IPsec-VPN-EXC-/141156704903?pt=US_Firewall_VPN_Devices&hash=item20dd986287

Question 2. Is the ASA firewall compatible with my Virgin Media VMDG485 router, which I currently set to 'modem/enable', providing me with a public IP address that changes every few months or so, just for testing purposes, instead of using the normal built-in DHCP feature?

Note: I tried to configure my Cisco PIX 837 with my Virgin Media router but cannot seem to get the 'WAN' connection up via the command line, as the PIX is specifically for an 'ADSL' link.
Asked by: mikey250

Henk van Achterberg (Sr. Technical Consultant) commented:
The ASA 5505 is the only option you have for that price. Please be sure to select the right model (10 user, 50 user or unlimited).

Matt V commented:
I don't think there is such a thing as a PIX 837. Sounds like you have a Cisco 837 DSL Router.

That being said, the ASA should not care what your actual Internet connection is, it uses Ethernet ports to connect inline where you need it.

You should have no issues setting up an ASA to get the IP from the virgin media router.

mikey250 (Author) commented:
OK, but what about my 2 x URL links, as I am not sure which ASA is better than the other?

 
Matt V commented:
Sorry, no access to eBay from work. Hopefully someone else can answer that question for you.

mikey250 (Author) commented:
Hi Henk van Achterberg, yes, I have been trying to get hold of the 'unlimited' as it appears to have extra features, I think, i.e. attached VoIP etc.

Henk van Achterberg (Sr. Technical Consultant) commented:
You have two types of licenses: the base license (with 10, 50 and unlimited users) and the Security Plus license (allows the use of trunk ports and more security zones).

On top of those licenses, you have VPN (AnyConnect), UC Proxy and other add-on licenses.

mikey250 (Author) commented:
Hi Henk, thanks for replying back, appreciated!!

So just to clarify: yes, I can see the 10, 50 & unlimited as below:

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

cisco asa 5505 appliance with 50-user firewall license, 8 fe
asa5505-50-bun-k9

cisco asa 5505 appliance with sw, unlimited users, 8 fe
asa5505-ul-bun-k9

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

Question 1. What does the (sw) stand for, as above?

Question 2. I usually use my firewall ISA 2006/external NIC that plugs directly into my Virgin Media router set as 'modem/enable', providing me a temporary public IP address; that is my usual method. But as I wish to buy an 'ASA firewall', I will have to use my Cisco 2950, which (I assume) may need a trunking port enabled, so I assume the following is required?

cisco asa 5505 appliance with unrestricted firewall license, security plus, 8 fe
asa5505-sec-bun-k9

Question 3. Regarding the VPN (AnyConnect & UC Proxy & other add-on licenses), I assume these can be purchased separately on (any of the above)?

Henk van Achterberg (Sr. Technical Consultant) commented:
Question 1: It just stands for software. It is possible to buy an ASA 5505 without software (empty flash). If that is the case you should TFTP your own software to it.

Question 2: If you WANT to use multiple zones and TRUNK those over one cable you need the Security Plus. If you just want inside/outside and restricted DMZ then you do not need the Plus variant.

Question 3: That is correct.

I have made some extensive documentation regarding the ASA that I cannot share on the web but can share with you personally. I am at www.vanachterberg.org.

mikey250 (Author) commented:
Hi Henk,

It appears from your comments that just purchasing the below is sufficient?

cisco asa 5505 appliance with 10-user firewall license, 8 fe
asa505-bun-k9

At the moment all I currently wish to do is set up 1 internal domain network, allowing internet access, and a single Exchange Server 2007 or 2010/13.

And in order to allow users to log in to the network from home I will use this 'AnyConnect' to allow a remote secure VPN, according to reading on Google.

I wonder what it costs to add 'AnyConnect' to the ASA5505 to allow the remote VPN?

I assume when my network may wish to connect to multiple different networks on different 'public IP addresses' is what you mean by 'multiple zones', and enabling trunk on the Cisco 2950 port?

Henk van Achterberg (Sr. Technical Consultant) commented:
You are right about almost everything. You can look for AnyConnect Essentials, which is only the AnyConnect client and NOT the SSL VPN web interface. This is around 60 dollars, I think.

I assume the 'multiple zones' is when more than one domain network is being linked together geographically, and then using the 'trunk' connection would have to be enabled?

A zone is like a VLAN (a Virtual Local Access Network), so yes, multiple networks require a Plus license. You have two fully functional networks in the base license and a "restricted" network, which means only traffic can be originated TO or FROM that network.

When using outside (internet) and inside (lan) you can use the base license.

mikey250 (Author) commented:
OK, thanks for that useful info. I have looked at your site and found that link.

Much appreciated!

mikey250 (Author) commented:
Could I ask one question about my Cisco 837 PIX? :)

As my Cisco 837 PIX is originally for an ADSL link, I was told that if I configure the command line manually, I could then enable the 'WAN' connection. Do you know how?

I was told a while ago that I would have to enable a 'VLAN' connection for this, to turn the layer 2 switchport into a WAN connection, but I have not gone back to attempt this yet.

Henk van Achterberg (Sr. Technical Consultant) commented:
I also have a resource I am able to share on a personal basis, but I cannot put it on the public internet. If you are interested, just send me a mail.

Henk van Achterberg (Sr. Technical Consultant) commented:
I think your question regarding your router (not pix) is for another topic :) including what you want exactly and how.

mikey250 (Author) commented:
Hi, OK, I will email you, making reference to where we spoke. Appreciated.

I will do that right now.

mikey250 (Author) commented:
Hi, I have just sent you an email.

mikey250 (Author) commented:
Due to the answers provided I thought it was right to allocate all points. Much appreciated.
Question has a verified solution.