Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
0
Helpful
5
Replies

Keep the ASA 5505 for vlan routing or get a router?

Alexander Torres
Level 1
Level 1

‎01-07-2015 09:29 AM - edited ‎03-07-2019 10:07 PM

I have a switched/Flat network with mostly HP procurve 1920-48G switches that support 802.1 p/q VLAN tagging. We are in the process of redesigning the network to a more secure, less noisy, and better manageable network. Hello VLANs!

We have an ASA 5505 firewall laying around not in use. It supports 802.1q VLAN tagging so I know that it will work with the HP switches.

Can I use the ASA 5505 for my vlan routing or would I need to purchase a router? If so, then which model would you recommend?

side note: the network is small (180 users and 15 servers) and non of the network devices (switches and firewalls) are Cisco devices.

Please let k\me know if you need more information.

Best regards,

Alex

 

Labels:
0 Helpful
5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-07-2015 10:16 AM

With basic license, the 5505 supports 3 vlans. If you have security plus license that number is 20.
 

config guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/int5505.html

If you have the funding, you can use 2911 router instead.

data sheet:

http://www.cisco.com/c/en/us/products/collateral/routers/2900-series-integrated-services-routers-isr/data_sheet_c78_553896.html

 

HTH

0 Helpful

ghostinthenet
Level 7
Level 7

‎01-07-2015 10:21 AM

Doing router-on-a-stick can present a scalability issue whether you're using an ASA or a router. In this case, the 5505 may limit your number of VLANs (depending on its license) and is only going to give you 100Mb of aggregate Ethernet connectivity for all of your inter-VLAN routing if you use 802.1q. You can increase that if you run each of your VLANs to a dedicated switch port on the 5505, but it's still going to be something of a bottleneck.

The HP ProCurve 1920 unit will do layer 3 switching and static routing, which will route between your VLANs using its switching backplane at much higher speeds. I would look at that first.

0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni

‎01-07-2015 10:31 AM

Hi Alex, I think you could use the ASA 5505, but certain considerations must be thought through like licenses, number of vlans and what kind of performance are you looking for in a "router".

Here's more information: http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-701253.html?mdfid=280582808

If these are not up to scratch, then please consider a router 

http://www.cisco.com/c/en/us/products/routers/branch-routers/index.html#~products

HP Procurve may have the capability of inter-vlan routing too.

Layer 3 routing 

• Static IPv4/IPv6 routing 

Provides basic routing (supporting up to 32 static routes and 8 virtual VLAN interfaces); allows manual routing configuration

http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=4AA5-4095ENW

Hth,

Bilal

 

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

Alexander Torres
Level 1
Level 1
In response to Bilal Nawaz

‎01-07-2015 01:14 PM

Sweet. I tested inter-vlan routing with the HP switches and it worked.

Thanks.

0 Helpful

ghostinthenet
Level 7
Level 7
In response to Alexander Torres

‎01-07-2015 01:26 PM

Awesome! Glad we could be of help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card