Choosing ASA for my Home LAB

George-Sl
Level 1

Hi,

I have found the ASA 5510 quite affordable, but at the same time, the page I checked here says it doesn't support version 9.x, but the 5505 does. I think there should be a mistake?!

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_59423

Aside from the IPS module that's being supported by this switch, what features am I missing to practice with compared to newer generations?

Regards,

5 Replies

Hi,
Both the 5505 and 5510 support up to version 9.1, but both are End of Life and End of Support, and the firmware on these devices is outdated. I would not consider either of these devices.

You could consider an ASA 5506-X, which supports the latest ASA 9.12.x firmware. It also supports the NGFW OS FTD, with all the latest features (IPS, SSL Decryption, AMP etc), but up to FTD version 6.2.3 only (newer versions will not be released on this device). Or an ASA 5515-X supports the latest FTD version 6.4.

HTH

My recommendation is not to use any of these devices. If you have a PC/Mac with some spare resources and VMware Workstation or Fusion, use the ASAv (or FTDv). It's an up-to-date ASA with all features, but without a license it is highly restricted in bandwidth. But for a lab, bandwidth is typically not a problem. Using a 5510/5505 is like preparing for a Microsoft certification but only using Windows XP.

Marvin Rhoads
Hall of Fame

There is some utility of using ASA 5510 to use in your lab for practice. However it should be running the 9.1(7) ASA software AND have a Security Plus license. If it doesn't have that you won't be able to do many of the more useful tasks.

If you have that, then having a pair of them is useful for CCIE security studies as you can do active-standby, active-active (multi-context), and clustering. You can also do all of the basic config tasks like ACLs, NAT, remote access VPN, site-site VPN etc. These are all blueprint tasks, even on the upcoming CCIE Security v6.

Note you can also do all of the above in EVE-NG if you have access to the images.

Yes exactly Sec+ with the 9.1(7) image, from what I found the only thing that could lack is the Firepower(FTD).

I have a different question as well: because FTDs have been around for quite some time now, how's the market ratio in most businesses for FTDs compared to ASAs?

We are selling and deploying next to zero new ASA hardware appliances.

Currently it generally makes better economic and technical sense to buy new Firepower appliances - even if they run ASA software image. The majority of new deployments I do are Firepower appliances with FTD image.

That said, there are many, many (millions of) ASAs in active use all around the world. They are going away soon and I'm sure we will continue to see them for the next 5-10 years. We even see a Cisco PIX firewall now and then, and those were last sold in 2008.