cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2030
Views
0
Helpful
11
Replies

Recommended features for ASA 5520

My current network setup has pix 525 firewall and for IDS i have 4215 box.As the utilization is high i am buying new ASA5520 firewall.

My query is

1 My IDS is end of support should i buy an IPS moudle with the asa 5520.is it recommended?

2 Other than firewalling what are the default features supported in asa 5520 like vpn,content filtering etc.

11 Replies 11

nkarthikeyan
Level 7
Level 7

Hi Sujeendran,

Yes. You can use 5520 as IPS but there are some limitations based on the licensing and modules.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Refer the above datasheet which gives you featureset of entire 5500 series ASA models.

That has the through put details, ips throughput, vpn etc...

Please do rate if the given information helps

By

Karthik

Hi karthik ,

    Thank you for the quick response.i will check the data sheet .here there is a huge traffic through the firewall.Hope you are suggesting a separate ips box  ?

Hi Sujeendran,

Its up to you. How do u decide? My suggestion over here is go for an higher version and throughput by keeping future expansion in mind as well. As suggested by other techies go for the x-model ASA which will be better throghput and cost effective.

Please do rate if the given information helps.

By

Karthik

Hi Bro

Cisco ASA 5520 and Cisco PIX 525 are about the same family. The throughput is no difference (450Mbps). I would propose that you purchase Cisco ASA 5540 instead, that comes with higher throughput. After all, you did mentioned that your network utilization is high. Cisco ASA 5540 supports Cisco ASA AIP SSM-40.

 

Yes, you should include an IPS module with it as well. The Cisco ASA AIP SSM-40 runs on 650 Mbps throughput.

Besides the above, you could also enable THREAT DETECTION and QOS amoung the many security features available in a Cisco ASA FW software image.

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

I wouldn't buy the 5520 or the 5540 nowadays anymore. If you want firewall and IPS, the 5525-X should give you all the power you need and you have a more modern platform. (For future growth, there is also the 5545-X, 5555-X, ...) This firewall also doesn't need a hw-module for IPS, instead you activate a sw-process for that:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf

Hi Bro

Yes, Karsten Iwen is correct. In fact, if you were to compare ASA5525-IPS-K8 and ASA5520-AIP40-K8 pricing, the Cisco ASA 5525-X (c/w IPS) is way cheaper by easily USD6,000 and has better throughout than the model I've proposed.

Part Number                           Part Description

-----------------------------               ----------------------------------------

ASA5525-IPS-K8                    ASA 5525-X with IPS, SW, 8GE Data, 1GE Mgmt, AC, DES

ASA5520-AIP40-K8                ASA 5520 Appliance w/ AIP-SSM-40, SW, HA, 4GE+1FE, DES

Warm regards,
Ramraj Sivagnanam Sivajanam

Dear All,

Thank you for the quick response .The current traffic is around 380 mbps in the pix 525  and cpu is also 90 % .As suggested i will look forward for ASA5525-IPS-K8. Hope this will cater my future requirement .

Hi Bro

Just because your FW CPU is 90% that doesn't mean you need to upgrade your FW. It could be due to unwanted network traffic and attacks. If you don't look into this now, upgrading your FW will not solve anything, I promise you that much.

Unless you're sure the 90% CPU load is coming from and to valid network traffic, then that's fine.

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi all,

         Is any one know the approximate price of  ASA525-IPS-K8 and 5545 x

for a quick check I typically use amazon:

5525-IPS-K9: about $11500

Other sources (google) show about $10000 for the 5525-X-IPS anf $20000 for the 5545-X-IPS.

Hi Sujeendran,

You can check with the below URL for the best pricing.

http://www.costcentral.com/proddetail/Cisco_ASA_5525_X_Firewall_Edition/ASA5525K9/11573914/

http://www.costcentral.com/proddetail/Cisco_ASA_5545_X_IPS_Edition/ASA5545IPSK9/11579027/

Please do rate if the given information helps.

By

Karthik

Review Cisco Networking for a $25 gift card