I work for a tourist attraction and the network is a state: no firewall, no VLANs, no QoS. Everything is running on one subnet (very cramped), and that includes corporate clients, servers, private wifi, VoIP and EPOS!! Still relatively new in the job, so not my fault! I plan to put a Cisco ASA in place to manage the network and VLANs etc., with a separate ADSL/fibre router as our internet connection. We are likely going to add visitor wifi also at some point, so we need comprehensive VLANning and PCI Compliance.
We have two points of internet presence - 1 for corporate use, 1 dedicated for EPOS and card payments systems.
I was looking at the ASA5515-K9 for the corporate use, but am now thinking the ASA5515-IPS-K9 may be better.
An ASA5510 to be added on the EPOS internet link.
An additional internet link to be added for visitor wifi, and run that through the 5515.
What model of ASA would you recommend, or does what I have planned sound right?
Do you think a model with IPS is required?
Selecting from the 5500-X series (15, 25 etc.) is more driven by your throughput and number of interfaces required. Please refer to the data sheet for info on those parameters.
With respect to the IPS, I would counsel you not to use the legacy IPS (-IPS models). Those are based on the old Cisco technology which is widely expected to be completely discontinued within the year. If you want an IPS, you are better off specifying a model with the CX module (and required SSD storage) and buying the Next Generation Firewall (NGFW) IPS service subscription.