Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Recommended features for ASA 5520

My current network setup has pix 525 firewall and for IDS i have 4215 box.As the utilization is high i am buying new ASA5520 firewall.

My query is

1 My IDS is end of support should i buy an IPS moudle with the asa 5520.is it recommended?

2 Other than firewalling what are the default features supported in asa 5520 like vpn,content filtering etc.

Everyone's tags (5)
11 REPLIES

Recommended features for ASA 5520

Hi Sujeendran,

Yes. You can use 5520 as IPS but there are some limitations based on the licensing and modules.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Refer the above datasheet which gives you featureset of entire 5500 series ASA models.

That has the through put details, ips throughput, vpn etc...

Please do rate if the given information helps

By

Karthik

New Member

Recommended features for ASA 5520

Hi karthik ,

    Thank you for the quick response.i will check the data sheet .here there is a huge traffic through the firewall.Hope you are suggesting a separate ips box  ?

Recommended features for ASA 5520

Hi Sujeendran,

Its up to you. How do u decide? My suggestion over here is go for an higher version and throughput by keeping future expansion in mind as well. As suggested by other techies go for the x-model ASA which will be better throghput and cost effective.

Please do rate if the given information helps.

By

Karthik

Recommended features for ASA 5520

Hi Bro

Cisco ASA 5520 and Cisco PIX 525 are about the same family. The throughput is no difference (450Mbps). I would propose that you purchase Cisco ASA 5540 instead, that comes with higher throughput. After all, you did mentioned that your network utilization is high. Cisco ASA 5540 supports Cisco ASA AIP SSM-40.

 

Yes, you should include an IPS module with it as well. The Cisco ASA AIP SSM-40 runs on 650 Mbps throughput.

Besides the above, you could also enable THREAT DETECTION and QOS amoung the many security features available in a Cisco ASA FW software image.

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
VIP Purple

Recommended features for ASA 5520

I wouldn't buy the 5520 or the 5540 nowadays anymore. If you want firewall and IPS, the 5525-X should give you all the power you need and you have a more modern platform. (For future growth, there is also the 5545-X, 5555-X, ...) This firewall also doesn't need a hw-module for IPS, instead you activate a sw-process for that:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78_459036.pdf

Recommended features for ASA 5520

Hi Bro

Yes, Karsten Iwen is correct. In fact, if you were to compare ASA5525-IPS-K8 and ASA5520-AIP40-K8 pricing, the Cisco ASA 5525-X (c/w IPS) is way cheaper by easily USD6,000 and has better throughout than the model I've proposed.

Part Number                           Part Description

-----------------------------               ----------------------------------------

ASA5525-IPS-K8                    ASA 5525-X with IPS, SW, 8GE Data, 1GE Mgmt, AC, DES

ASA5520-AIP40-K8                ASA 5520 Appliance w/ AIP-SSM-40, SW, HA, 4GE+1FE, DES

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Recommended features for ASA 5520

Dear All,

Thank you for the quick response .The current traffic is around 380 mbps in the pix 525  and cpu is also 90 % .As suggested i will look forward for ASA5525-IPS-K8. Hope this will cater my future requirement .

Re: Recommended features for ASA 5520

Hi Bro

Just because your FW CPU is 90% that doesn't mean you need to upgrade your FW. It could be due to unwanted network traffic and attacks. If you don't look into this now, upgrading your FW will not solve anything, I promise you that much.

Unless you're sure the 90% CPU load is coming from and to valid network traffic, then that's fine.

P/S: if you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
New Member

Recommended features for ASA 5520

Hi all,

         Is any one know the approximate price of  ASA525-IPS-K8 and 5545 x

VIP Purple

Recommended features for ASA 5520

for a quick check I typically use amazon:

5525-IPS-K9: about $11500

Other sources (google) show about $10000 for the 5525-X-IPS anf $20000 for the 5545-X-IPS.

Recommended features for ASA 5520

Hi Sujeendran,

You can check with the below URL for the best pricing.

http://www.costcentral.com/proddetail/Cisco_ASA_5525_X_Firewall_Edition/ASA5525K9/11573914/

http://www.costcentral.com/proddetail/Cisco_ASA_5545_X_IPS_Edition/ASA5545IPSK9/11579027/

Please do rate if the given information helps.

By

Karthik

1125
Views
0
Helpful
11
Replies
CreatePlease to create content