10-24-2008 12:50 PM - edited 03-11-2019 07:02 AM
I am setting up the routing end of the installation for the first time for a small company. The ASA 5505 seems to fit the bill and the budget but I see there are several different packages available.
I guess my most urgent question is do I need to get the Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ support to be able to setup a perimeter network configuration in the future?
The main features I need are VPN accessibility, and obviously a firewall setup. I have plans in the future to expand to a perimeter network setup when the budget allows.
Solved! Go to Solution.
10-24-2008 03:10 PM
Hi,
dmz support will only be needed if you have TWO segments on lan side which need to communicate with each other as well as internet.
without dmz support,you would be able to setup two zones on lan side but if you let them both access internet,they would not be able to talk to each other.
sh version
command output confirms
if you see
dmz restricted
in the output,
then the above holds true.
If in " sh ver ",you see " dmz unrestricted ",then there are no constraints in the communication.
Do rate if helpful.
Regards,
Sushil
10-24-2008 04:35 PM
Kyle,
Based on your description of the "To Be Network", I would recommend that you go with Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ which is "ASA5505-SEC-BUN-K9" License. You can find more information from the below URL:
Now, the reason I recommend the above license is because of your future requirements that might lead to a DMZ Network. From the above URL you can see that the only license on the ASA where you can create DMZ network is by using the above license.
I understand that you are trying to make a good business decision by purchasing the right Hardware and Software License and if you are already comfortable with the information listed on ASA5505 Data Sheet, then I would go ASA5505-SEC-BUN-K9 license.
Regards,
Arul
*Pls rate if it helps*
10-24-2008 03:10 PM
Hi,
dmz support will only be needed if you have TWO segments on lan side which need to communicate with each other as well as internet.
without dmz support,you would be able to setup two zones on lan side but if you let them both access internet,they would not be able to talk to each other.
sh version
command output confirms
if you see
dmz restricted
in the output,
then the above holds true.
If in " sh ver ",you see " dmz unrestricted ",then there are no constraints in the communication.
Do rate if helpful.
Regards,
Sushil
10-24-2008 03:33 PM
I don't have any equipment yet to run any of the commands on, I am currently trying to determine what is necessary.
What exactly do you mean by network segments? Are we talking subnets or like main office/branch office type of setup?
again, I'm not even to the point of being entry level in routing so you may need to explain it to me like I'm 4.
Thanks
Mac
10-24-2008 04:35 PM
Kyle,
Based on your description of the "To Be Network", I would recommend that you go with Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ which is "ASA5505-SEC-BUN-K9" License. You can find more information from the below URL:
Now, the reason I recommend the above license is because of your future requirements that might lead to a DMZ Network. From the above URL you can see that the only license on the ASA where you can create DMZ network is by using the above license.
I understand that you are trying to make a good business decision by purchasing the right Hardware and Software License and if you are already comfortable with the information listed on ASA5505 Data Sheet, then I would go ASA5505-SEC-BUN-K9 license.
Regards,
Arul
*Pls rate if it helps*
10-24-2008 04:44 PM
Thanks for the help guys.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: