Cisco Firewall :: ASA5510 Expansion Capabilities
Aug 28, 2011
Before I decide to purchase the ASA5510 as our firewall solution I'd like to clear up some confusion I have regarding its expansion capabilities. According to the Cisco website, the ASA5510 supports 1x SSM expansion slot. Intrusion prevention (IPS) is supported via the AIP SSM. Content Security (anti-virus/spyware, file blocking) is supported via the CSC SSM.
One would assume that only one of these expansions can be enabled at time since it is clearly stated that the ASA5510 supports 1x SSM expansion (AIP SSM or CSC SSM). However, the Cisco representatives I've spoken with on the phone claim I can concurrently run both the AIP SSM and CSC SSM in a single ASA5510.
Also, I am debating if the ASA5510 is overkill for our network infrastructure and perhaps we should be going with the ASA5505. Essentially, we have a large network of users and we'd like to firewall three machines from the users such that only certain users (15 users) are allowed to access them. Are there any other compelling arguments to use the ASA5510 instead of the ASA5505 aside from the fact that ASA5505 does not support content security?
View 3 Replies
ADVERTISEMENT
Sep 12, 2012
I'm currently looking at the slew of firewall options out on the market. I have the task of recommending one for a client that has the most functionality for a reasonable cost (preferably no more than $800). I typically would go with the ASA 5505 w/base lic. I have been using ASA devices for some years now and they have been great. But, as with the ever changing internet and security threats, would I be ok in going with the ASA? I'll admit I'm not knowledgeable in all the capabilities of the ASA. Is it considered a "Nex-Gen" firewall? Where is the ASA ranked in comparison to the other options like SonicWall, Juniper, Fortinet, etc.? I've worked with SonicWall and Juniper, but did not like them. It has been sometime though, so maybe they have gotten better.
With having layer 7 filtering and IDS/IPS capabilities, one feature I will need is VLAN capabilities and ability to provide separate DHCP service for each VLAN (ASA can do this). I will be setting up a guest, internet only, network. VLAN trunking would be nice (ASA can do this with security plus lic, expensive though). In addition, having solid VPN capabilities (client and site-to-site). Good product support and documentation is a must too.
View 1 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Jan 7, 2013
I want install a wireless card--dual band, N, -- in my Studio XPS 9000 desktop. I have a dual band router.My questions:
1. Are the expansion slots PCI or PCI Express?
2. What card is recommended?
View 1 Replies
View Related
Jan 7, 2013
We have a requirement to build a datacenter within a datacenter for a new project. The existing Core network is 2 x Cisco 6509 in VSS configuration. We would like to connect the new datacenter to the existing Core switch from the new low-end Core switch. This datacenter would have a SAN network and blader chassis.
Listing the Cisco Switches requirements and expansion module requirements ?
- What expansion module is required at existing 6509 ? Can we have one 10Gibit modules on each switches and crate a port-channel connection from new datacenter core switch ?
- Which model of Switch you recommend for the new Datacenter Core which is only going to have one SAN Enclosure and two blade chassis? Will it be a good option to use 3750E ? If yes do we need any additional modules there ?
- Which aggregation switch should we use for the blade enclosure ?
- Should we have a Cisco Embedded Switch module on the chassis to create trunk with aggregation switch ?
- How the SAN director switch is connecting to the LAN ? should we have any particular module at new Core switch ?
View 0 Replies
View Related
Mar 1, 2012
Currently I have a Cat4506 chassis with a Sup II+ engine and one WS-X4232-RJ-XX linecard with the WS-U4504-FX-MT daughtercard to provide uplinks to four Cat2955 switches. I chose the Cat2955 because the switches are in an industrial facility and they fit the envrionment very well. Each of them has a multimode fiber uplink.
The issue I have now is that I need to add at least 4 more Cat2955 switches to the topology and find that the x4232 is EOL. I can always find a used one somewhere, but is there another currently shipping linecard that will do the trick? I see there is WS-X4248-FE-SFP with the 100BaseX interfaces, but don't really need 48 ports, just 8.
Is there another linecard that can downswitch a 1000BASE-X port to 100Base-X, or can I use a 100Base-X SPF in a switch like the WS-X4448-GB-SFP?
What are my options, aside from buying another X4232?
View 1 Replies
View Related
Nov 8, 2012
1TB harddisk partitioned into 2, an HFS+ and an exFAT. Could the exFAT partition be the reason? But I do have an HFS+ partition and it's the 1st partition on this disk.
View 1 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Jun 29, 2011
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
View 7 Replies
View Related
Jun 9, 2011
I have 2 CISCO WS-C3750G-12S-E witch I`m concidering using as redundant VLAN routers for a small WISP network.Do not have much experiences with these, so I might be asking stupid questions...The network has about 2000 connected clients.
Traffic is about 300 - 400 Mbps duplex.
100000 - 150000 PPS
Expected this to get to about 3000 connected clients.
Traffic about 500 - 700 Mbps duplex.
150000 - 200000 PPS
Before these end their duty Are they up for the task, or do you reccomed something different?
View 15 Replies
View Related
Sep 10, 2012
i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?
View 3 Replies
View Related
Jul 21, 2011
I have a ASA5510 and I have a question about the speed the ports can handle, here is one port:
-interface Ethernet0/2
- speed 100
-shutdown
- no nameif
-no security-level
-no ip address
it's ethernet and not fastethernet so I figure it will only go to 10Mbps, but at the same time I can hard code the speed to 100.
View 2 Replies
View Related
Feb 22, 2012
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies
View Related
Jun 7, 2011
I will be purchasing an Insprion 570 with an AMD Athlon II X2 Processor 245 and 4 gigabytes of RAM from Dell in a short while as a budget gaming computer. I have a Qwest wireless router connected to my main rig, and I was just wondering if I would need to buy a wireless adapter, namely the Netgear WNA3100 Wireless-N 300Mbps USB Adapter from Dell, to be able to recognize and connect to the network, or would it automatically recognize the network without it.
View 3 Replies
View Related
May 4, 2012
I have a cisco asa 5510 with security plus license in Live enviroment . I need to add a secondary firewall . I was planning to do in active /standby mode for failover .But i have a doubt , when i do "show version " on live asa output says Active /active failover , does this means that i can only configure failover in active/active mode not in active/standby (which i want to do )?
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license...
View 4 Replies
View Related
Feb 12, 2012
i am using Cisco ASA5510 Firewall in my Network in the distrubition Layer .Private Range of Network Address use in the Network and PAT at the FW for address translation.presently encountering an issue the users behind the FW in my network unable to RDP at port 2000 presented at the Client Network.Able to Telnet on port2000 but not RDP . any changes needed at the FW end to get the RDP Access.
View 12 Replies
View Related
Sep 15, 2011
I have a Toshiba A665D. For some reason the wireless capabilities is turned on and doesnt turn back on no matter.what ive done
- ive tired fn+f8 but it tells me waireless capabilities are disabled.
- the wireless button on top of the keyboard above the f8 does not do anything but light off then light back up
- in Windows Mobility Center, the turn wireless on button is disabled so i cant use it
- ive even tried uninstalling the driver and restarting the computer
- system restore doesn't work
View 11 Replies
View Related
Feb 7, 2013
I own a Netgear Router and the wireless capabilities are not working. I have it connected to a comcast arris Modem. When i have and ethernet cable connecting my laptop, router, and modem, i get a connecting. but im not sure how to get the wireless running. I have used this router before ith my old internet provider. Ive tried messing around with the router settings for a while but i cant get it working.
View 1 Replies
View Related
Jan 10, 2012
I have a customer who has a Cisco 2821 router with software 2821/HSEC/K9 and they wish to upgrade to C2821-VSEC-SRST/K9.From my understanding they want to use the same router but install an IOS with the capabilites it has at the moment but with voice. [code]How do I go about pricing this up and what upgrade sku's will do this?I am not to worried about the memory.Is it just a simple ios upgrade as the srst licenses are on a trust basis?
View 2 Replies
View Related
Dec 10, 2012
Catalyst 4500 or 6500 VSS Capabilities?
View 6 Replies
View Related
Mar 1, 2006
Does it have this switch some port mirroring capability (SPAN or other)?
View 2 Replies
View Related
Jan 11, 2011
what is the set up procedure for adding a printer with wifi capabilities?
View 1 Replies
View Related
Dec 22, 2012
I have built my own computer and have almost finished with everything, but I am unsure as to how to set up the wireless capabilities for it. I am submitting this thread on the computer itself, but am using an ethernet cord to connect to the internet. I don't know if I need to download and install a different driver or if there is a simple way to just change some settings in the control panel. I am using windows 7 64 bit. The networking hardware is a realtek 8111f Gigabit LAN controller
View 1 Replies
View Related
May 23, 2012
I'm trying to set up a wireless bridge as part of my network and I'm having some issues.I'm only assuming I need a wireless bridge setup based on what I've gathered in forums such as this, but perhaps I'm barking up the wrong tree.Internet Modem --hard wire-- Belkin F9K1102 Router {{{fancy wifi waves}}} TP-Link TL-WR340G Router --hard wire-- CPU..I already have a working wireless/wired router (Belkin) that I use to get online. I have a CPU that can only connect to my network via hard wire in another room. Running a hard wire from my Belkin router to the CPU is NOT an option. Therefore, I would like to use my TP-Link router (which has built in WDS wireless bridge capability) as a wireless bridge and have it connect to my Belkin router and thereby the network and the internet via wifi. I will then connect my CPU to the TP-Link router via hard wire.
I've tested both routers directly and independently connected to the modem and they both work fine. The issue I have is only in trying to get the bridge between them to work. I've followed various tutorials (TP-Link website, YouTube videos, site like this one, etc.) to no avail.I know that my Belkin router does not specifically have wireless bridge capabilities, but I'm not sure if BOTH routers having this capability is necessary for a wireless bridge to work or not.I also have multiple screen shots of the router configuration settings for both routers which can be provided if need be.
View 8 Replies
View Related
Jan 30, 2013
I have a higrade VA250D laptop, I have just connected a wireless adapter to my main pc, but when i try to connect the laptop to the wireless connection i get the message that "the wireless adapter is turned off. turn the wireless connection on by means of the switch usually found on the side or front of the unit or by means of the function keys". I do not have a switch on anywhere of the outside of the laptop and i am unable to find a function key to turn it on. How to switch the wireless capabilities on. I have checked on the device manager and it has a green tick and says that the device is working properly.
View 5 Replies
View Related
Sep 16, 2012
Can I have two wireless networks running in the house? Does a low internet speed affects my home network sharing capabilities? Can I have one network with internet and the other one just intranet. I would like to stream using DLNA without affecting my internet speed. I have D-link router DGL-4500 and another router Cisco Linksys E1000 new in a box.The internet provider in my area only provides up to 750KBps. I have a large number of internet enable wireless devices and most of the time the connections is not even fast enoguh to even stream youtube video
View 2 Replies
View Related
Mar 19, 2011
Can I daisy chain an RV042 and a WRTSL54GS and have them work properly? I would like to take advantage of the VPN piece of the RV042 (as the primary router) and the wireless and storage capabilities of the WRTSL54GS.
View 1 Replies
View Related
Mar 14, 2011
We have to use scp on all of our network devices. It worked quite well on our routers and switches but I can't seem to get it to work for the firewalls and IPS. I enabled scp on my ASA5510 using the command "ssh scopy enable". I also ensured that a rsa key was generated and that ssh ver 2 was enabled. But I can't seem to locate the commands to actually have my firewall either copy it's configuration to a server or reach out to a server to pull down a file. We are using IOS 8.2(1).
View 1 Replies
View Related
Mar 22, 2011
I have a customer who wants to prioritze rdp traffic throgh the firewall.I know that its port 3389, but outgoing traffic is a random port number.Any smart way to catch this traffic and get it in the LLQ ?
View 3 Replies
View Related
Mar 26, 2013
We have a network configured this way : 192.168.1.1/24 and we reached it's limit, is there any way to extend it having the same scheme and keeping communications between the machines, I've tried 192.168.2.1 but it simply doesn't work.
View 8 Replies
View Related
Sep 13, 2012
we have ASA 5510 which we need to upgrade from 8.0(3) to 8.2.5. can we directly switch to 8.2.5 from 8.0(3) , if not what all versions we need to go from.
What all point needs to check before that following is show flash output.
97 14635008
Jan 01 2003 14:12:16 asa803-k8.bin 98 4096
May 14 2008 21:22:10 tmp 2 4096
Apr 20 2008 02:21:46 log 6 4096
Apr 20 2008 02:22:16 crypto_archive 99 6851212
[Code] .....
View 4 Replies
View Related
Sep 18, 2011
My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement. I am having a few issues setting up DMZ > LAN access however. The servers running on the DMZ need to send information to my LAN such as syslog traffic for example. Will DMZ traffic be NATed or should this somehow be excluded? Bascially all LAN devices should get to the DMZ devices by their actual IP and vice versa. Are there any special statements I need to add to the ASA such as nat or ACLs to make this work? My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.
View 1 Replies
View Related
Oct 20, 2011
I have a ASA 5510 with asa8.4(2) and asdm6.4(5)205. Have a new basic config, nothing special at this time. I just cannot seem to get from the inside to the outside. From the outside interface I can ping, so I have a good Internet connection. [code]
View 3 Replies
View Related
