05-23-2011 03:21 AM - edited 03-11-2019 01:36 PM
Hello,
I´m looking for a firewall for my company and am reading about both Cisco ASA 5505 with Security Plus bundle and Cisco ASA 5510 with Security Plus bundle and I have a few questions.
This is the document i´m getting my information from.
It states the following:
Cisco ASA 5505 Security Plus bundle
Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot
and
Cisco ASA 5510 Security Plus bundle
Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Standby high availability, 3DES/AES license, and 1 expansion slot
QUESTIONS:
1) 1) For ASA 5510 can I have 250 mobile VPN users?
2) 2) Can I only have 2 firewall to firewall VPNs? If so can I buy a licence for 5-10?
3) 3) Is “dual ISP support, DMZ support” not supported in the ASA 5510 version?
Thanks in advance for your response.
Hilmar
Solved! Go to Solution.
05-23-2011 03:29 AM
Hi Hilmar,
Please find your answers below:
Q1: Yes you can have at max 250 users.
Q2: Could you elaborate a bit more on this, do you want to configure failover or are you wanted to do fw-to-fw VPN connectivity.
Q3: Only on ASA 5505 you need a special license for dual ISP and DMZ, not on ASA 5510 and higher.
Please have a look at this doc, it might help you:
http://www.cisco.com/en/US/customer/docs/security/asa/asa82/license/license82.html#wp190062
Here is the datasheet as well:
Hope this helps.
P.S. do rate helpful posts.
Thanks,
Varun
05-23-2011 04:08 AM
Hi Hilmar,
Yes you can create a VPN tunnel between your firewall and their firewall but I was a bit confused by the statement "If so can I buy a licence for 5-10?".
Yes , you would have the dual isp and DMZ feature even in base license.
Thanks,
Varun
05-23-2011 03:29 AM
Hi Hilmar,
Please find your answers below:
Q1: Yes you can have at max 250 users.
Q2: Could you elaborate a bit more on this, do you want to configure failover or are you wanted to do fw-to-fw VPN connectivity.
Q3: Only on ASA 5505 you need a special license for dual ISP and DMZ, not on ASA 5510 and higher.
Please have a look at this doc, it might help you:
http://www.cisco.com/en/US/customer/docs/security/asa/asa82/license/license82.html#wp190062
Here is the datasheet as well:
Hope this helps.
P.S. do rate helpful posts.
Thanks,
Varun
05-23-2011 04:00 AM
Thanks alot for the quick response and good answer.
Q2: I have part of my network at a datawarehouse and i need a VPN tunnel from my firewall to their firewall.
Q2: So dual ISP and DMZ features are a part of the stripped ASA 5510 ( that is with out the "SECURITY PLUS BUNDLE" )?
Best regards
Hilmar
05-23-2011 04:08 AM
Hi Hilmar,
Yes you can create a VPN tunnel between your firewall and their firewall but I was a bit confused by the statement "If so can I buy a licence for 5-10?".
Yes , you would have the dual isp and DMZ feature even in base license.
Thanks,
Varun
05-23-2011 04:39 AM
Thanks
Am i right to understand that i can not use IPSEC-tunnels for firewall to firewall?
Do i need to have SSL-VPN for that?
Hilmar
05-23-2011 04:55 AM
Hi Hilmar,
Yes, you can have a ipsec tunnel between two ASA's, but I am not really sure about the config, since VPN is not my expertise, but I just chceked it, it is possible.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide