Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
4
Replies

Small business firewall solution?

Go to solution
Kyle_McIver
Level 1
Level 1

‎10-24-2008 12:50 PM - edited ‎03-11-2019 07:02 AM

I am setting up the routing end of the installation for the first time for a small company. The ASA 5505 seems to fit the bill and the budget but I see there are several different packages available.

I guess my most urgent question is do I need to get the Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ support to be able to setup a perimeter network configuration in the future?

The main features I need are VPN accessibility, and obviously a firewall setup. I have plans in the future to expand to a perimeter network setup when the budget allows.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
suschoud
Cisco Employee
Cisco Employee

‎10-24-2008 03:10 PM

Hi,

dmz support will only be needed if you have TWO segments on lan side which need to communicate with each other as well as internet.

without dmz support,you would be able to setup two zones on lan side but if you let them both access internet,they would not be able to talk to each other.

sh version

command output confirms

if you see

dmz restricted

in the output,

then the above holds true.

If in " sh ver ",you see " dmz unrestricted ",then there are no constraints in the communication.

Do rate if helpful.

Regards,

Sushil

View solution in original post

0 Helpful

Go to solution
ajagadee
Cisco Employee
Cisco Employee

‎10-24-2008 04:35 PM

Kyle,

Based on your description of the "To Be Network", I would recommend that you go with Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ which is "ASA5505-SEC-BUN-K9" License. You can find more information from the below URL:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Now, the reason I recommend the above license is because of your future requirements that might lead to a DMZ Network. From the above URL you can see that the only license on the ASA where you can create DMZ network is by using the above license.

I understand that you are trying to make a good business decision by purchasing the right Hardware and Software License and if you are already comfortable with the information listed on ASA5505 Data Sheet, then I would go ASA5505-SEC-BUN-K9 license.

Regards,

Arul

*Pls rate if it helps*

View solution in original post

0 Helpful
4 Replies 4

Go to solution
suschoud
Cisco Employee
Cisco Employee

‎10-24-2008 03:10 PM

Hi,

dmz support will only be needed if you have TWO segments on lan side which need to communicate with each other as well as internet.

without dmz support,you would be able to setup two zones on lan side but if you let them both access internet,they would not be able to talk to each other.

sh version

command output confirms

if you see

dmz restricted

in the output,

then the above holds true.

If in " sh ver ",you see " dmz unrestricted ",then there are no constraints in the communication.

Do rate if helpful.

Regards,

Sushil

0 Helpful

Go to solution
Kyle_McIver
Level 1
Level 1
In response to suschoud

‎10-24-2008 03:33 PM

I don't have any equipment yet to run any of the commands on, I am currently trying to determine what is necessary.

What exactly do you mean by network segments? Are we talking subnets or like main office/branch office type of setup?

again, I'm not even to the point of being entry level in routing so you may need to explain it to me like I'm 4.

Thanks

Mac

0 Helpful

Go to solution
ajagadee
Cisco Employee
Cisco Employee

‎10-24-2008 04:35 PM

Kyle,

Based on your description of the "To Be Network", I would recommend that you go with Cisco ASA 5505 Security Plus Firewall Edition Bundle with DMZ which is "ASA5505-SEC-BUN-K9" License. You can find more information from the below URL:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Now, the reason I recommend the above license is because of your future requirements that might lead to a DMZ Network. From the above URL you can see that the only license on the ASA where you can create DMZ network is by using the above license.

I understand that you are trying to make a good business decision by purchasing the right Hardware and Software License and if you are already comfortable with the information listed on ASA5505 Data Sheet, then I would go ASA5505-SEC-BUN-K9 license.

Regards,

Arul

*Pls rate if it helps*

0 Helpful

Go to solution
Kyle_McIver
Level 1
Level 1
In response to ajagadee

‎10-24-2008 04:44 PM

Thanks for the help guys.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card