Newbie need advice

binfch8770
Level 1

Hi there

I am planning on buying 2 Cisco firewalls and I am looking for some advice.

I need to host (housing contract) three of our physical blade-servers (running several virtual machines) at an internet provider's site and I need to:

  1. Secure these three servers with one firewall (block all inbound traffic except on a few TCP ports).
  2. On my side/office I'd like to have the other firewall with a permanent site-to-site VPN connection to the three remote servers.
  3. Next year some third party remote offices (5-15 at best) would also be granted access to the three servers via a site-to-site VPN (might use different VPN devices/brands). Important -> Once the third party remote offices get access via VPN I'd like to restrict their access to only certain IP addresses/ports.
  4. At the internet provider's side I won't have a dedicated/separate ethernet switch. The three servers will be connected directly to the firewall's LAN ports.

I have checked Cisco's (new) ISA500, the SA500 and the ASA5505.

Can someone pls give me some advice about what product to go for?

P.S.: I don't consider myself to be a networking pro (I can configure some basic firewall stuff; I used m0n0wall for many years).

Thanks & cheers,

Peter

2 Replies

Marcin Latosiewicz
Cisco Employee

You might also look into ASA1000v (although it would be interesting to sort out the physical connectivity problem).

5505 is small, check the data sheet to see if max conns and conns per sec + throughput offered would be enough:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

You could also consider an 890/1900 series router (with zone-based firewall and VPN).

http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-519930.html

http://www.cisco.com/en/US/products/ps10538/index.html

But probably it would be best to talk to a Cisco Systems Engineer, they are the best to advise what would suit your needs.

(There are multiple considerations there, starting from licensing.)

M.

If your focus is on firewalling and VPN, then I would recommend the ASA. The 5505 would be fine because of the internal switch. But if your internet link is 100/100 (up/down), and both directions are heavily utilized, then the 5505 will be too slow. A 5512-X should have the power to handle the load. If you have a Gig link, you probably need a much faster firewall.

