Hi Everyone, I am currently working on an entire network upgrade for my company. I am working on a network security solution that will enable users to use Cisco IPSec VPNs. I have been doing my research and for my user base of about 50 users, I decided to go with a Cisco ASA 5510 Security Plus and a Cisco 2851 to do any major routing. The reason for using Cisco is due to the fact we have Macs and iPhones within our organization and they have native support for Cisco IPSec VPNs. I was speaking with Cisco engineers and they recommended the ASA5510 with the 2851 router. My question is why the router as well? Currently we have a PIX 506e and it is doing the job fine without a separate router appliance.
a) What would the benefits to having a separate router be to my organization? We currently operate on a 24-bit network with no other subnets.
b) Any future benefits to doing this?
c) What are the main reasons people have a separate firewall and router?
Basically, the way I am looking at this:
My ASA device would be connected to our WAN (Internet Connection). The router would be behind the ASA device on our private network with a private IP. So what is the point of having the router there?
Please, if you guys could provide me with some reasons to have a router and an ASA device. Comments like "performance" don't really help me, as anyone can say it, but please give examples. I would really appreciate it.
Great information guys, I truly appreciate it.
Basically we are using a PIX 506e right now and it is doing a fine job. It was not recommended to me inside my network; that's just how I first pictured it.
We do have a 5Mbps fibre connection, but, it goes through a media converter into our current PIX.
So I guess now my question would be: if I put it on the outside of my network, besides the obvious benefits as stated, is there any reason to have one? What benefits would I be getting if I put it on the outside of the network? What could I do with the router that I could not do with the ASA, besides having many more expansion modules and things like that?
I guess if I did a lot of complex routing it would take the load off the ASA device, or redirecting traffic to the internal network it would be nice to have. But I'm wondering if I should just go with the ASA device and then as we grow, purchase the router if needed.
Again, not clear what you would gain. Routers do have a much better QoS feature set but then again if it is just an internet connection then QoS is not that relevant.
If you needed WAN connectivity, i.e. you got another office for example, then the router may well be useful although it's questionable whether you would then want the router on the outside of the ASA.
I am not saying you do not need a router although with the facts given I am struggling to see why you need one at the moment. But if you have been recommended to buy a router as well as an ASA there may be a very good reason that we have not covered.
It really would be worth going back and asking why you were recommended a router as well as a firewall just in case we have missed some requirement you have.
I agree with Jon on his assessment but perhaps the router was recommended on the inside to run some kind of CallManager service?
You mentioned having IP Phones; ISR routers such as the 2851 provide a very nice CallManager service for a low price.
As Jon mentioned, having it outside provides WAN interfaces not available in the ASA and feature-rich services like QoS and Netflow.