02-13-2008 05:50 PM - edited 03-11-2019 05:02 AM
Hey Guys,
I need to get some firewall experience, having never actually logged into a PIX or ASA I'm starting from the bottom. I want to buy something to integrate into my home lab.
Obviously I want to buy something that is relevant to what is "out there" now. I'm studying for my CCNP and would like to be looking for Firewall hardware for when I'm done.
So Pix or ASA? I'm not sure feature wise what I'm missing by going with a PIX over an ASA?
Looking on ebay the ASA5505's are "cheap" at about $400 bucks compared the other models. What am I missing by buying a 5505 over the more expensive ASA's?
I'm not sure what the difference in PIX models is but the 501s are cheap and the 515s?
This will be added to 2x 2900XLs, 2x 2950s, 2x 3550s, 2 2621s, and a bunch of 2500 routers.
I also managed to get a Cisco 4210 IDS that I have yet to play with. Hopefully that would work well in messing with the firewall.
Thanks!!!!
02-13-2008 06:32 PM
Mike, I recommend to get the ASA5505 as a home lab, that should be sufficient to get you started with ASA code 7.x and/or 8.03.
Of course, the higher end models have more capabilities in terms of technology supports like mode VLANs, more throughput etc.. so for sake of learning ASA5505 is an excellent product and what you will learn is basically the asa code which you then can apply to higher models.
That price is about right for ASA5505 for basic 10 user lisence which is the base lisence but if you can allocate another $300-400 at a later time you could get unlimmited user lisence which is known as Security plus lisence which will give you 802.1q support for vlans as well as DMZ support in addition to unlimited users outbound connections see link bellow for details.
ASA models comparison
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
See table 4 lisences for 5505
AS for the PIXes, the ASA is replacing PIXes but are still widely used out there, if you get PIX for your LAB get minimun PIX506E.
PIX515E are capable of more physical interfaces but for LAB you do not need to spend lots of money , 506E is good enough which will hold code up to 6.3(5) but not over 7.x..
All PIX500 model specs
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html
Rgds
Jorge
02-15-2008 02:09 AM
The ASA 5505 is probably your best bet if you want relevant firewall experience. I've got one here, taken me a week to configure as I have limited Cisco Experience, but got there at the end! Get a copy of the Cisco ASA book, absolute god send!!
Get one of these books
Also have a look at these examples
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
Hope this helps
Rich
02-15-2008 10:05 AM
Thanks guys, I'll keep an eye out for a 5505 then!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide