Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Making a 5510 a firewall and router?

Hello,

I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.

My network flow as I'm envisioning it is

Internet -> 5510 -> Switches -> servers.

Will that work?

I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )

This deep network stuff is still new to me.

Thanks for the help in advance.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Making a 5510 a firewall and router?

cmuench@gmail.com

Hello,

I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.

My network flow as I'm envisioning it is

Internet -> 5510 -> Switches -> servers.

Will that work?

I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )

This deep network stuff is still new to me.

Thanks for the help in advance.

Chris

Yes it will work providing the Internet connection is presented to you as ethernet so you can connect it straight into the ASA. That's often why routers are used because they have a much greater range of interface types eg. ATM, serial etc. You should be able to request also whether the ethernet is presented on fibre or copper to match your interfaces available.

Yes the ASA will do NAT/PAT where you map public IPs/ports to private IPs ports. As long as this is all you need you should be fine but it is important to get the full list of requirements before you purchase because the ASA is primarily a firewall and as such lacks some of the more commonly used IOS functions such as load-balancing across 2 links, PBR (Policy Based Routing).

But from the information you have provided an ASA would do the job.

Jon

3 REPLIES
Hall of Fame Super Blue

Re: Making a 5510 a firewall and router?

cmuench@gmail.com

Hello,

I'm currently looking into purchasing a 5510 asa with the security plus for HA and vpn capabilities.

My network flow as I'm envisioning it is

Internet -> 5510 -> Switches -> servers.

Will that work?

I only need the 5510 to do vpn, and PAT(that is where you map specific ports on public ips to internal ports on internal ips right? )

This deep network stuff is still new to me.

Thanks for the help in advance.

Chris

Yes it will work providing the Internet connection is presented to you as ethernet so you can connect it straight into the ASA. That's often why routers are used because they have a much greater range of interface types eg. ATM, serial etc. You should be able to request also whether the ethernet is presented on fibre or copper to match your interfaces available.

Yes the ASA will do NAT/PAT where you map public IPs/ports to private IPs ports. As long as this is all you need you should be fine but it is important to get the full list of requirements before you purchase because the ASA is primarily a firewall and as such lacks some of the more commonly used IOS functions such as load-balancing across 2 links, PBR (Policy Based Routing).

But from the information you have provided an ASA would do the job.

Jon

New Member

Re: Making a 5510 a firewall and router?

This is for a datacenter so they give me an ethernet drop which will plug into the ASA.  Sweet.

As for the load-balancing or the PBR don't need that stuff.

One other question for you.  The boss wants this new firewall to have an IDS.

does the 5510 support this?  We were planning on getting the security edition as we need the vpn stuff.

Does that have any IDS stuff inside it?

Cisco Employee

Re: Making a 5510 a firewall and router?

Chris,

The ASA5510 can use a AIP card on it that can do the IDS/IPS part.

So you can have the ASA do the firewalling and IDS AIP-SSM card in it as your IDS.

I hope it helps.

PK

352
Views
0
Helpful
3
Replies
CreatePlease to create content