Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
906
Views
5
Helpful
5
Replies

ASA5505-SEC-BUN-K9 features

Go to solution
varife1234
Level 1
Level 1

ā€Ž02-06-2015 03:14 AM - edited ā€Ž03-11-2019 10:27 PM

good evening,

i'm purchasing the ASA5505-SEC-BUN-K9 and i place some questions about its features:

  1. - is suitable to VDSL ( optical fiber with download throughput 100-300 Mbits ) without to limit the download throughput ( it will be linked to the modem VDSL TP-Link TD-W9980 )?

  2. - Can to suit to double binding ip address and mac address for connected clients ( for ex.: if a client added with its mac address and ip address and is changed with mac address spoofing either the client canā€™t access to internet, to router and to the lan )?

  3. - Does it suit to Intrusion Detention System ( or is purchasable with some other bundle )?

  4. - Can to be set ( advanced settings ) through GUI, CLI or a user friendly control panel?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

ā€Ž02-06-2015 04:40 AM

1) The 5505 only has FastEthernet-interfaces. You'll never get more than 100 Meg in one direction per interface. And the whole box only has a throughput of 150 MBit/s.

2) No, that has to be done on a managed switch where the client connects. The switch in the ASA is quite limited.

3) no

4) The GUI is the ASDM which is quite userfriendly, the CLI is very powerfull. But also with a userfriendly GUI you need to understand how the ASA behaves.

For your needs, I think you should wait for the Launch of the 5506-X with FirePower. That device is much faster, has Gigabit-interfaces, and the Sourcefire IPS.

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to varife1234

ā€Ž02-06-2015 07:09 AM

1) Yes, they can get a combined download-speed of (nearly) 100 MBit. On my systems with 100Mbit cable circuit the real-world download rate is often a above 95 MBit/s.

2) Any managed switch should do that. At least all IOS-based switches starting with the 2960. I think the SG300 from the small-business-line should be capable too.

3) well, yes and no ...

Some time ago the was a module for the 5505 that did IDS/IPS. This module is EOL. There is still an internal IPS in the ASA-code. But this is completely outdated and in probably no way useful. Naming it IPS would be insulting to every real IPS system.

You need the FirePOWER-Bundle for IPS. That is subscription-based with one and three year terms.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Karsten Iwen
VIP
VIP

ā€Ž02-06-2015 04:40 AM

1) The 5505 only has FastEthernet-interfaces. You'll never get more than 100 Meg in one direction per interface. And the whole box only has a throughput of 150 MBit/s.

2) No, that has to be done on a managed switch where the client connects. The switch in the ASA is quite limited.

3) no

4) The GUI is the ASDM which is quite userfriendly, the CLI is very powerfull. But also with a userfriendly GUI you need to understand how the ASA behaves.

For your needs, I think you should wait for the Launch of the 5506-X with FirePower. That device is much faster, has Gigabit-interfaces, and the Sourcefire IPS.

0 Helpful

Go to solution
varife1234
Level 1
Level 1
In response to Karsten Iwen

ā€Ž02-06-2015 06:51 AM

1. - by your answer i meant the ASA 5505 will allow to 4 clients connected to 5505 the contemporaneous download till 100 Mbps. is correct?

2. - can you advice me a switch suitable with binding ip-mac address ( useful also with ASA 5506-X )?

3. - ok it doesnā€™t supply I.D.S.. I checked the ASA5505-SEC-BUN-K9 features and it has the Intrusion Prevention System. Is correct?

About 5506-X with the Sourcefire IPS, the Sourcefire IPS is included or needs some specific bundle? The Sourcefire IPS is better or equal than IPS of ASA 5505?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to varife1234

ā€Ž02-06-2015 07:09 AM

1) Yes, they can get a combined download-speed of (nearly) 100 MBit. On my systems with 100Mbit cable circuit the real-world download rate is often a above 95 MBit/s.

2) Any managed switch should do that. At least all IOS-based switches starting with the 2960. I think the SG300 from the small-business-line should be capable too.

3) well, yes and no ...

Some time ago the was a module for the 5505 that did IDS/IPS. This module is EOL. There is still an internal IPS in the ASA-code. But this is completely outdated and in probably no way useful. Naming it IPS would be insulting to every real IPS system.

You need the FirePOWER-Bundle for IPS. That is subscription-based with one and three year terms.

0 Helpful

Go to solution
varife1234
Level 1
Level 1
In response to Karsten Iwen

ā€Ž02-11-2015 02:18 AM

hello Karsten,

can you link me an intuitive manual for a user-friendly guide for ASA 5506-X?

1) in case of a VDSL ( fiber optical ) till 300 Mbps there are solutions Cisco that manage those speeds?

2) in case of IOS 2960 switch could i block internet access ( meant how stop access to internet of a pc client both direction incoming and outcoming ) for only one user account of the pc-client ( so i should allow the internet traffic in every direction for Others user account )?

Riccardo

 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to varife1234

ā€Ž02-11-2015 04:43 AM

The 5506-X is not yet available. So there is not much detailed information at the moment.

The performance depends on the services you want. For 300 MBit/s also a 5506-X could be too slow. Here are the actual models compared (that includes the 5506-X):

http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/models-comparison.html

Question 2)

That can be done with 802.1x, but that can be a huge work to implement.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card