cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3267
Views
5
Helpful
3
Replies

Firewall for home lab study?

miketta89
Level 1
Level 1

Hey Guys,

I need to get some firewall experience, having never actually logged into a PIX or ASA I'm starting from the bottom. I want to buy something to integrate into my home lab.

Obviously I want to buy something that is relevant to what is "out there" now. I'm studying for my CCNP and would like to be looking for Firewall hardware for when I'm done.

So Pix or ASA? I'm not sure feature wise what I'm missing by going with a PIX over an ASA?

Looking on ebay the ASA5505's are "cheap" at about $400 bucks compared the other models. What am I missing by buying a 5505 over the more expensive ASA's?

I'm not sure what the difference in PIX models is but the 501s are cheap and the 515s?

This will be added to 2x 2900XLs, 2x 2950s, 2x 3550s, 2 2621s, and a bunch of 2500 routers.

I also managed to get a Cisco 4210 IDS that I have yet to play with. Hopefully that would work well in messing with the firewall.

Thanks!!!!

3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

Mike, I recommend to get the ASA5505 as a home lab, that should be sufficient to get you started with ASA code 7.x and/or 8.03.

Of course, the higher end models have more capabilities in terms of technology supports like mode VLANs, more throughput etc.. so for sake of learning ASA5505 is an excellent product and what you will learn is basically the asa code which you then can apply to higher models.

That price is about right for ASA5505 for basic 10 user lisence which is the base lisence but if you can allocate another $300-400 at a later time you could get unlimmited user lisence which is known as Security plus lisence which will give you 802.1q support for vlans as well as DMZ support in addition to unlimited users outbound connections see link bellow for details.

ASA models comparison

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

See table 4 lisences for 5505

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_qas0900aecd805a1273.html

AS for the PIXes, the ASA is replacing PIXes but are still widely used out there, if you get PIX for your LAB get minimun PIX506E.

PIX515E are capable of more physical interfaces but for LAB you do not need to spend lots of money , 506E is good enough which will hold code up to 6.3(5) but not over 7.x..

All PIX500 model specs

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html

Rgds

Jorge

Jorge Rodriguez

richardowen123
Level 1
Level 1

The ASA 5505 is probably your best bet if you want relevant firewall experience. I've got one here, taken me a week to configure as I have limited Cisco Experience, but got there at the end! Get a copy of the Cisco ASA book, absolute god send!!

Get one of these books

http://www.amazon.co.uk/s/ref=nb_ss_w_h_/202-2027345-4004668?url=search-alias%3Daps&field-keywords=cisco+asa

Also have a look at these examples

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Hope this helps

Rich

Thanks guys, I'll keep an eye out for a 5505 then!

Review Cisco Networking for a $25 gift card