Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
3
Replies

Making a 5510 a firewall and router?

Go to solution
cmuench
Level 1
Level 1

‎02-16-2010 10:07 AM - edited ‎03-11-2019 10:10 AM

Hello,

I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.

My network flow as I'm envisioning it is

Internet -> 5510 -> Switches -> servers.

Will that work?

I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )

This deep network stuff is still new to me.

Thanks for the help in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-16-2010 12:10 PM 

cmuench@gmail.com
Hello,
I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.
My network flow as I'm envisioning it is
Internet -> 5510 -> Switches -> servers.
Will that work?
I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )
This deep network stuff is still new to me.
Thanks for the help in advance.

Chris

Yes it will work providing the Internet connection is presented to you as ethernet so you can connect it straight into the ASA. That's often why routers are used because they have a much greater range of interface types eg. ATM, serial etc. You should be able to request also whether the ethernet is presented on fibre or copper to match your interfaces available.

Yes the ASA will do NAT/PAT where you map public IPs/ports to private IPs ports. As long as this is all you need you should be fine but it is important to get the full list of requirements before you purchase because the ASA is primarily a firewall and as such lacks some of the more commonly used IOS functions such as load-balancing across 2 links, PBR (Policy Based Routing).

But from the information you have provided an ASA would do the job.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-16-2010 12:10 PM 

cmuench@gmail.com
Hello,
I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.
My network flow as I'm envisioning it is
Internet -> 5510 -> Switches -> servers.
Will that work?
I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )
This deep network stuff is still new to me.
Thanks for the help in advance.

Chris

Yes it will work providing the Internet connection is presented to you as ethernet so you can connect it straight into the ASA. That's often why routers are used because they have a much greater range of interface types eg. ATM, serial etc. You should be able to request also whether the ethernet is presented on fibre or copper to match your interfaces available.

Yes the ASA will do NAT/PAT where you map public IPs/ports to private IPs ports. As long as this is all you need you should be fine but it is important to get the full list of requirements before you purchase because the ASA is primarily a firewall and as such lacks some of the more commonly used IOS functions such as load-balancing across 2 links, PBR (Policy Based Routing).

But from the information you have provided an ASA would do the job.

Jon

0 Helpful

Go to solution
cmuench
Level 1
Level 1
In response to Jon Marshall

‎02-17-2010 07:58 AM

This is for a datacenter so they give me an ethernet drop which will plug into the ASA.  Sweet.

As for the load-balancing or the PBR don't need that stuff.

One other question for you.  The boss wants this new firewall to have an IDS.

does the 5510 support this?  We were planning on getting the security edition as we need the vpn stuff.

Does that have any IDS stuff inside it?

0 Helpful

Go to solution
Panos Kampanakis
Cisco Employee
Cisco Employee
In response to cmuench

‎02-17-2010 08:52 AM

Chris,

The ASA5510 can use a AIP card on it that can do the IDS/IPS part.

So you can have the ASA do the firewalling and IDS AIP-SSM card in it as your IDS.

I hope it helps.

PK

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card