cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1000
Views
5
Helpful
2
Replies

ASA 5505 licensing query.

Hi,

I have a client with a requirement for 2 internal lan segments to be able to reach the outside(internet) some static NAT's will be setup to expose services in the DMZ( possibly on the inside aswell using cut-through proxy for temporary access at time to time).

Those internal LAN segments, which I will call inside and dmz do not need to communicate with each other.

Will the following license suffice? Can I create 3 vlans with ASA5505-UL-BUN-K9

Cisco ASA 5505 unlimited user bundle( ASA5505-UL-BUN-K9)

Includes unlimited user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot

or will I need to get one of the following?

Cisco ASA 5505 Security Plus bundle (ASA5505-SEC-BUN-K9)

Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot

or

Cisco ASA 5505 Security Plus license (provides  stateless Active/Standby high availability, dual ISP support, DMZ  support, VLAN trunking support, and increased session and IPSec VPN peer  capacities) as an addon?

Many thanks!

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, with your requirement, you can go with the Unlimited Base license for ASA 5505. You don't have to purchase the Unlimited Security Plus license, however, if you decide to expand in the future, it might be a good idea to purchase the Unlimited Security Plus bundle up front. But the decision is yours.

Here is a sample topology and configuration on what you are trying to achieve with ASA 5505 base license:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_examples.html#wp1065205

I guess that matches perfectly with your requirements, right?

View solution in original post

2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

Yes, with your requirement, you can go with the Unlimited Base license for ASA 5505. You don't have to purchase the Unlimited Security Plus license, however, if you decide to expand in the future, it might be a good idea to purchase the Unlimited Security Plus bundle up front. But the decision is yours.

Here is a sample topology and configuration on what you are trying to achieve with ASA 5505 base license:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_examples.html#wp1065205

I guess that matches perfectly with your requirements, right?

Thanks yes I believe that is similar.

In reality they have an inside, outside and a VOIP phone network. The VOIP phone network will never need to communicate with the inside network. I just need to make sure that SIP and the RTP traffic can pass to and from the voice vlan from the outside.

cheers.

Review Cisco Networking for a $25 gift card