We've got a small company with about 50 employees. Currently we are about to upgrade our Internet connection to Metro Ethernet and along with that are looking at replacing our Linux based firewall with an ASA 5510. The question however is what solution is best: the 5510 by itself, the 5510 with AIP module, or the 5510 with the CSC10 module.
Currently our existing firewall just does NAT, Spam Scanning, and Transparent web proxy.
To give you a really good answer about which option is best we would need more information about your environment and about your security requirements.
Based on what you have described so far I am going to assume that your security requirements are not extensive. If the Linux based firewall has been adequate then I would suspecct that the ASA5510 by itself is the better choice. It will be less expensive, it will be closer to the level of protection that you had previously, and it will be easier to install and require less attention after installation.
Both the AIP and the CSC modules are good things and provide good service, if you need the service that they provide. But they will increase the price of the product. They will be more challenging to install. And they will require more tending to after installation.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...