I've been asked to draw up a proposal to replace our existing 3rd party Internet facing firewalls with a new solution.
I have worked a lot in the past with PIXs, and Cisco being my area of expertise, I am going to propose using an ASA. However, I know little about them, and even having read a lot of documentation on the Cisco sites, I still only have a basic understanding.
The customer's network is designed along the 3 layer Campus model, and serves in excess of 6500 users, all of whom require Internet access. My initial leaning is toward the ASA5520. Availability is obviously important, so we'll need at least 2 in a failover pair. Does this sound like a reasonable choice?
What I'm not so sure of are the 'Security Contexts' that the ASA apparently has up to 20 of, and the bundle I'm looking at comes with 2. Does this refer to IPS services, the basic firewall function, VPN etc ...? What are the basics you get without all the add-ons?
The 5520 comes with 4 Gigabit and 1 100Mb interface - can the Gig interfaces be configured as 100Mb?
What does Cisco recommend in terms of firewall monitoring? As these ASAs will be replacing a 3rd party managed service they need to be able to generate alerts based on unusual behaviours, DoS attacks etc. Which software or hardware is required for this?
Also, is DoS prevention a standard feature of these ASAs or does it need to be purchased? I haven't seen it explicitly mentioned in the literature.