cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
2
Replies

New to ASA - Right product for purpose

jsimotas1
Level 1
Level 1

Hi -

I apologize in advance if this is not the correct place for this type of question - it's rather pre-sales.

I've inherited a 400 user Exchange (mostly) setup in a light datacenter.  The datacenter has 3 Exchange servers and 4 other servers for basic SMTP/IMAP routing, maybe 2 light duty RDP servers.  No voice, no video.

The services are reachable across 5 public ips and various standard ports and all I want is the inbound traffic for publicip X port Y to go to privateip A port B.

Based on the specs it looks like even the ASA 5505 would be OK, but maybe the ASA 5510.  Then again I'm new to Cisco and the products cover such a broad spectrum - I'm not even sure I'm in the right product line.  I think if I was looking at Juniper it would be the SRX210 but then the SSG5 looks like the competition for ASA 5505.

Firewall Requirements

-          Replacing 6 public facing ‘consumer’ grade firewalls (e.g. Linksys befsr41v3, Netgear FVX538)

-          Multiple public networks (5 to 10) xxx.xxx.xxx.164 to .170

-          Multiple private networks (3 to 5)

-          NAT

-          Port translation

-          VPN not needed except to pass through

-          Relatively easy to config / manage.  (I can handle command line but GUI might be nice)

-          Max 1000 users making connections for Exchange (RPC over HTTPS) to a farm of 3 servers

-          SMTP traffic inbound (no cleaning required) but route accept connections from certain IP ranges to server 1, all else to server2

-          RDP traffic for 100 users

-          No end users will sit behind firewall

-     Spam / Virus filtering is handled by a service provider so not a concern here (in fact we would prob have to disable any mail flow filters)

2 Replies 2

Kureli Sankar
Cisco Employee
Cisco Employee

ASA5505 or if you need to keep future growth in mind ASA5510 will get the job done.

You can check the data sheet here: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

BUY MORE CISCO !!!

-KS

Panos Kampanakis
Cisco Employee
Cisco Employee

To add to kusankar's suggestion it seems even a 5505 would be able to support you.

But 1K users and potential 100RDP session are load. I would go with something bigger than a 5505 even if bandwidth-wise it would be able to support the current setup. Reason being that at peak times and/or with future growth.you might exceed 150Mbps.

I hope it helps.

Panos

Review Cisco Networking for a $25 gift card