ASA feature navigator

communication.boy · ‎12-01-2011

A very good tool for feature checking is Cisco Feature Navigator however it doesnt have ASA features . I am trying to check if ASA 5510 BASE supports IP SLA or not . Where can i find that

Tim Hamblin · ‎12-01-2011

Hi there,

As far as I know, may be corrected by someone else!!!, the ASA software only has a subset of IP SLA implemented.

For example, you can use IP SLA for static route tracking (for ISP Failover), and use ICMP-ECHO for that. However, ICMP-ECHO is the only protocol-type that has been implemented in the SLA-mechanism of the ASA.

So, to answer your question, yes it will support it but only in a limited fashion!!! I am sure someone with more knowledge may be able to give you a more detailed answer.

Hiope this helps a little,

Tim

communication.boy · ‎12-01-2011

Yes I want to implement ISP failover . But there are 2 licenses when it comes to ASA 5510 , first one being ASA 5510 BUNK9 aka ASA 5510 BASE while other being ASA 5510 SEC BUNK9 aka ASA 5510 Security Plus .

I wanted to know if there is a limitation of IP SLA with the Base bundle thats why I was looking for a feature navigator .

Tim Hamblin · ‎12-01-2011

Try this:

From : http://www.scribd.com/doc/25025428/Configuring-a-Cisco-ASA-5505-Rob-Denney

"Overview of Device Features Differences between Base License and Security Plus License The 5500 series comes in a variety of models but we are going to be focusing on the 5505 model, released in 2006. The 5505 model comes in two separate licenses. These licenses are the base and the security plus. Both offer 150 megabits per second throughput, a maximum of 25 SSL VPN user sessions, and a maximum encrypted VPN throughput of 100 megabits per second. However, the security plus license has additional features. For example, it supports up to 25,000 maximum firewall connections whereas the base license only supports a maximum of 10,000. It also supports a maximum of 25 site-to-site and remote access VPN sessions and the base license supports a maximum of 10. It should be noted that both licenses initially only support two VPN connections( 2). The security plus license also allows for a maximum of 20 virtual interfaces, commonly referred to as VLANs, with trunking enabled, and the base license supports a maximum of three. Unfortunately, neither of the licenses supports intrusion prevention, content security (which includes antivirus, anti spyware, and file blocking), or VPN clustering and load balancing.

"A major difference between the two licenses is that the base license does not allow traffic to be forwarded from one VLAN to another; this restriction is removed in the security plus license. However, the base license does allow that particular VLAN to respond to requests. Another way of explaining this restriction is that there are two normal zones and one restricted zone that can only communicate with one of the other zones( 2). This can potentially create problems when trying to implement a demilitarized zone (also known as a DMZ) as will be discussed in a later section.

This device also implements URL Filtering, Secure Desktop, IP Auditing, and can use certificates for identification."

Julio Carvajal · ‎12-01-2011

Hello Communication.boy,

All you need is to be running at least the Security Appliance version 7.2(1).

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC