Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Fwall Security

Hi

Requirement are -

  1. terminate 50 L2L VPN
  2. 50 concurrent SSL VPN session total 250 users
  3. 20 User VPN using Cisco VPN Client
  4. NAT traffic for Proxy Server located on LAN
  5. NAT IP for Email Edge Gateway
  6. Support Netflow
  7. Microsoft AD integrated for SSL user connection
  8. 100 devices to be configured as AAA

vendors quoted ASA 5525 and ACS  appliance 3415-K9

any feedback if the sizing is correct

Can you expert advise if ASA 5525 with IPS is better option than ASA 5525 with CX 

thanks

ST


1 ACCEPTED SOLUTION

Accepted Solutions

Fwall Security

I think you need the flowing license

Web Security Essentials license—This subscription-based license allows the use of URL filtering and the use of web-reputation-based policies. Specifically, you need this license if you want to use URL objects or web reputation profiles in policies

http://www.cisco.com/en/US/docs/security/asacx/9.1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1_chapter_0101.html#concept_49303E3A8E3B4C2095B8B26391897183

hope this help, if helpful rate

4 REPLIES

Fwall Security

Based on the numbers you have it is good option

The Asa cx is the next generation asa which can give more capabilities

Cisco® ASA CX Context-Aware Security is a modular security service that addresses these needs by blending a proven stateful inspection firewall with next-generation capabilities and a host of additional network-based security controls - for end-to-end network intelligence and streamlined security operations. Cisco ASA CX enables organizations to rapidly adapt to dynamic business needs while maintaining the highest levels of security. Like most next-generation firewalls, ASA CX delivers application and user ID awareness capabilities for enhanced visibility and control of network traffic. In addition, ASA CX enables administrators to:

• Control specific behaviors within allowed micro-applications

• Restrict web and web application usage based on reputation of the site

• Proactively protect against Internet threats

• Enforce differentiated policies based on the user, device, role, and application type

IPS capabilities will be embedded into ASA CX, You need to check if it's embedded now !

Hope this help

New Member

Fwall Security

thanks marwan, on ASA CX are there any additional license to be purchased for url filtering and application restriction or with standard license all is covered.

regards

ST

Fwall Security

I think you need the flowing license

Web Security Essentials license—This subscription-based license allows the use of URL filtering and the use of web-reputation-based policies. Specifically, you need this license if you want to use URL objects or web reputation profiles in policies

http://www.cisco.com/en/US/docs/security/asacx/9.1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1_chapter_0101.html#concept_49303E3A8E3B4C2095B8B26391897183

hope this help, if helpful rate

New Member

Fwall Security

Thank u

1805
Views
0
Helpful
4
Replies
CreatePlease login to create content