Cisco Firewall :: ASA 5505 Capabilities?
Sep 12, 2012
I'm currently looking at the slew of firewall options out on the market. I have the task of recommending one for a client that has the most functionality for a reasonable cost (preferably no more than $800). I typically would go with the ASA 5505 w/base lic. I have been using ASA devices for some years now and they have been great. But, as with the ever changing internet and security threats, would I be ok in going with the ASA? I'll admit I'm not knowledgeable in all the capabilities of the ASA. Is it considered a "Nex-Gen" firewall? Where is the ASA ranked in comparison to the other options like SonicWall, Juniper, Fortinet, etc.? I've worked with SonicWall and Juniper, but did not like them. It has been sometime though, so maybe they have gotten better.
With having layer 7 filtering and IDS/IPS capabilities, one feature I will need is VLAN capabilities and ability to provide separate DHCP service for each VLAN (ASA can do this). I will be setting up a guest, internet only, network. VLAN trunking would be nice (ASA can do this with security plus lic, expensive though). In addition, having solid VPN capabilities (client and site-to-site). Good product support and documentation is a must too.
View 1 Replies
ADVERTISEMENT
Aug 28, 2011
Before I decide to purchase the ASA5510 as our firewall solution I'd like to clear up some confusion I have regarding its expansion capabilities. According to the Cisco website, the ASA5510 supports 1x SSM expansion slot. Intrusion prevention (IPS) is supported via the AIP SSM. Content Security (anti-virus/spyware, file blocking) is supported via the CSC SSM.
One would assume that only one of these expansions can be enabled at time since it is clearly stated that the ASA5510 supports 1x SSM expansion (AIP SSM or CSC SSM). However, the Cisco representatives I've spoken with on the phone claim I can concurrently run both the AIP SSM and CSC SSM in a single ASA5510.
Also, I am debating if the ASA5510 is overkill for our network infrastructure and perhaps we should be going with the ASA5505. Essentially, we have a large network of users and we'd like to firewall three machines from the users such that only certain users (15 users) are allowed to access them. Are there any other compelling arguments to use the ASA5510 instead of the ASA5505 aside from the fact that ASA5505 does not support content security?
View 3 Replies
View Related
Jun 9, 2011
I have 2 CISCO WS-C3750G-12S-E witch I`m concidering using as redundant VLAN routers for a small WISP network.Do not have much experiences with these, so I might be asking stupid questions...The network has about 2000 connected clients.
Traffic is about 300 - 400 Mbps duplex.
100000 - 150000 PPS
Expected this to get to about 3000 connected clients.
Traffic about 500 - 700 Mbps duplex.
150000 - 200000 PPS
Before these end their duty Are they up for the task, or do you reccomed something different?
View 15 Replies
View Related
Jun 7, 2011
I will be purchasing an Insprion 570 with an AMD Athlon II X2 Processor 245 and 4 gigabytes of RAM from Dell in a short while as a budget gaming computer. I have a Qwest wireless router connected to my main rig, and I was just wondering if I would need to buy a wireless adapter, namely the Netgear WNA3100 Wireless-N 300Mbps USB Adapter from Dell, to be able to recognize and connect to the network, or would it automatically recognize the network without it.
View 3 Replies
View Related
Sep 15, 2011
I have a Toshiba A665D. For some reason the wireless capabilities is turned on and doesnt turn back on no matter.what ive done
- ive tired fn+f8 but it tells me waireless capabilities are disabled.
- the wireless button on top of the keyboard above the f8 does not do anything but light off then light back up
- in Windows Mobility Center, the turn wireless on button is disabled so i cant use it
- ive even tried uninstalling the driver and restarting the computer
- system restore doesn't work
View 11 Replies
View Related
Feb 7, 2013
I own a Netgear Router and the wireless capabilities are not working. I have it connected to a comcast arris Modem. When i have and ethernet cable connecting my laptop, router, and modem, i get a connecting. but im not sure how to get the wireless running. I have used this router before ith my old internet provider. Ive tried messing around with the router settings for a while but i cant get it working.
View 1 Replies
View Related
Jan 10, 2012
I have a customer who has a Cisco 2821 router with software 2821/HSEC/K9 and they wish to upgrade to C2821-VSEC-SRST/K9.From my understanding they want to use the same router but install an IOS with the capabilites it has at the moment but with voice. [code]How do I go about pricing this up and what upgrade sku's will do this?I am not to worried about the memory.Is it just a simple ios upgrade as the srst licenses are on a trust basis?
View 2 Replies
View Related
Dec 10, 2012
Catalyst 4500 or 6500 VSS Capabilities?
View 6 Replies
View Related
Mar 1, 2006
Does it have this switch some port mirroring capability (SPAN or other)?
View 2 Replies
View Related
Jan 11, 2011
what is the set up procedure for adding a printer with wifi capabilities?
View 1 Replies
View Related
Dec 22, 2012
I have built my own computer and have almost finished with everything, but I am unsure as to how to set up the wireless capabilities for it. I am submitting this thread on the computer itself, but am using an ethernet cord to connect to the internet. I don't know if I need to download and install a different driver or if there is a simple way to just change some settings in the control panel. I am using windows 7 64 bit. The networking hardware is a realtek 8111f Gigabit LAN controller
View 1 Replies
View Related
May 23, 2012
I'm trying to set up a wireless bridge as part of my network and I'm having some issues.I'm only assuming I need a wireless bridge setup based on what I've gathered in forums such as this, but perhaps I'm barking up the wrong tree.Internet Modem --hard wire-- Belkin F9K1102 Router {{{fancy wifi waves}}} TP-Link TL-WR340G Router --hard wire-- CPU..I already have a working wireless/wired router (Belkin) that I use to get online. I have a CPU that can only connect to my network via hard wire in another room. Running a hard wire from my Belkin router to the CPU is NOT an option. Therefore, I would like to use my TP-Link router (which has built in WDS wireless bridge capability) as a wireless bridge and have it connect to my Belkin router and thereby the network and the internet via wifi. I will then connect my CPU to the TP-Link router via hard wire.
I've tested both routers directly and independently connected to the modem and they both work fine. The issue I have is only in trying to get the bridge between them to work. I've followed various tutorials (TP-Link website, YouTube videos, site like this one, etc.) to no avail.I know that my Belkin router does not specifically have wireless bridge capabilities, but I'm not sure if BOTH routers having this capability is necessary for a wireless bridge to work or not.I also have multiple screen shots of the router configuration settings for both routers which can be provided if need be.
View 8 Replies
View Related
Jan 30, 2013
I have a higrade VA250D laptop, I have just connected a wireless adapter to my main pc, but when i try to connect the laptop to the wireless connection i get the message that "the wireless adapter is turned off. turn the wireless connection on by means of the switch usually found on the side or front of the unit or by means of the function keys". I do not have a switch on anywhere of the outside of the laptop and i am unable to find a function key to turn it on. How to switch the wireless capabilities on. I have checked on the device manager and it has a green tick and says that the device is working properly.
View 5 Replies
View Related
Sep 16, 2012
Can I have two wireless networks running in the house? Does a low internet speed affects my home network sharing capabilities? Can I have one network with internet and the other one just intranet. I would like to stream using DLNA without affecting my internet speed. I have D-link router DGL-4500 and another router Cisco Linksys E1000 new in a box.The internet provider in my area only provides up to 750KBps. I have a large number of internet enable wireless devices and most of the time the connections is not even fast enoguh to even stream youtube video
View 2 Replies
View Related
Mar 19, 2011
Can I daisy chain an RV042 and a WRTSL54GS and have them work properly? I would like to take advantage of the VPN piece of the RV042 (as the primary router) and the wireless and storage capabilities of the WRTSL54GS.
View 1 Replies
View Related
Sep 7, 2011
How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
View 1 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Feb 19, 2012
I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
View 5 Replies
View Related
Dec 22, 2011
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
View 7 Replies
View Related
May 3, 2011
I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???
View 4 Replies
View Related
May 28, 2012
I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.
View 4 Replies
View Related
Feb 26, 2011
I am trying to configure our ASA 5505 so that our users can access our ftp site using [URL] while inside the firewall. Our ftp site is setup so that you can reach it by either browsing to the above url or by browsing to ftp://99.23.119.78 but we are unable to access our ftp site from either route while inside the firewall. We can access our ftp site using the internal ip address of 192.168.1.3.
Here is our current confguration:
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0 !interface Vlan2nameif ATTsecurity-level 0pppoe client vpdn group ATTip address pppoe setroute !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject-group service DM_INLINE_TCP_1 tcpport-object eq ftpport-object eq ftp-dataport-object eq wwwaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in extended permit tcp any interface ATT eq ftp access-list ATT_access_in extended permit tcp any interface ATT eq ftp-data access-list ATT_access_in extended permit tcp any interface ATT eq www access-list 100 extended permit tcp any interface ATT eq ftp
[code]....
View 6 Replies
View Related
Nov 21, 2012
New to the ASA 5505 8.4 software version, but here is what I'm trying to do:
-Single static public IP: 16.2.3.4
-Need to PAT several ports to three separate servers behind firewall
-One server houses email, pptp server, ftp server and web services: 10.1.20.91
-One server houses drac management (port 445): 10.1.20.92
-One server is the IP phone server using a range of ports: 10.1.20.156
Basically, need to PAT the ports associated with each server to the respective servers behind the ASA 5505. Is anything missing from this config? Do I need to include a global policy for PPTP and SMTP? [code]
View 11 Replies
View Related
Apr 27, 2011
I'm integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic. Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.
View 1 Replies
View Related
Apr 18, 2012
I am looking for a PoE switch with Routing capabilities (e.g osfp) something lower end than 3560E.
View 10 Replies
View Related
Apr 30, 2012
I have an issue with my firewall,each time i configured a trunk port in the firewall and connect a sw 2960S with a trunk port also, all the interfaces in the Firewall go down ( virutal intertaces, inside, outside , dmz) , also another switch 3750 that is connected to another port in the firewall( access port only) it start to a new negotiation of spanning tree.What could be causing this problem? the firewall didnt sedn bdpdu i think the IOS of the firewall its a 8.2
View 3 Replies
View Related
Jun 12, 2012
we are planning on connecting a new aquired company to ours soon?We will connect the remote site to the HQ via a D3. I've been told we will need to have a firewall between them and us for a time. I was thinking of terminating the D3 connection at the remote site of 80 users. Can I use the asr as a firewall as well, to protect the HQ from the Remote site - or should I use a seperate appliance?I was thinking of a asa5505 but, am concerned with bandwidth limitations of the box?
View 1 Replies
View Related
Sep 11, 2007
I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.
View 5 Replies
View Related
Nov 11, 2011
When I upgrade the ios on switches, I just create int vlan1 assign it an ip and subnet, then tftp to my pc that is plugged into the switchport using the download-sw command.
I am not sure how to do this on the asa. Do I just plug my pc into port 0 which the documentation says is mapped to vlan 1 with and ip of 192.168.1.1? I tried this by making my pc's ip 192.168.1.2 but am unable to ping the asa. Do I have to change the security level or anything?
View 1 Replies
View Related
Mar 18, 2011
I’ve been using a Cisco ASA 5505 Security Plus bundle for two years now without any problems. My previous Internet Service Provider was routing the external IP I was leasing directly through to my internal network without NAT which my ASA 5505 was working well with. Thus, I had configured my 5505 to provide NAT to my inside network which includes two subnets one for my workstations and internal "private" resources and a DMZ to provide access to my webserver, email server and two domain name servers; but restrict access to my internal; resources. i recently changed my ISP to Verizon FiOS (which is providing me with 25 Mb bandwidth at a fraction of the cost of my old T1) which is set up to provide 5 Static externally facing IP numbers for my email, webserver and name servers;. The problem is the Verizon router doesn’t support my use of the ASA Appliance (at least not the way it is currently configured. Verizon recommend I purchase a business class router and use it in place of the one they provided with my installation. With this in mind, I bought a Cisco RVS4000. I have configured it to use the primary external IP number and have internet access; however, the new router is providing NAT addressing which the ASA is in conflict with (they are both using the same NAT IP range). I'm assuming the ASA 5505 is expecting to have access to the external IP addressed (since that is what it was getting before) and NOT NAT address. How to configure the new router to either provide access to the five static external “real world” IP to my Cisco ASA Firewall. However, I just need to get my ASA 5505 back in the loop and would prefer to do this rather than go back to the Verizon router combined with a low end firewall. So, my questions are: Does the ASA 5505 expect real world External IP numbers? Or can it work with NAT addresses being fed to it from the router? And, if so, how do I configure the access rules and other items which are currently mapping to external numbers?
View 27 Replies
View Related
Sep 21, 2012
I am configuring a Cisco ASA 5505 firewall.In the office there is 1 x SBS 2008 server and 5 x PCs, all sat behind a Netgear DGN1000 ADSL router.We want to implement a ASA 5505 for added security.I have configured the internal interface of the Cisco ASA 5505 to be 192.168.0.1 - this is connected to local switch. The client PCs use 192.168.0.1 as their default gateway.I have configured the external ASA 5505 interface to be x.x.x.217. [code]Change the current router status from Router/Firewall/Modem to Modem only (Bridge mode). The ASA 5505 has its outside interface connected into one of the LAN ports of the netgear. The lan port has an IP of 192.168.0.254.
View 3 Replies
View Related
