ASA 5505

[nitrobass24]

Thinking of buying a 5505 to play with.
Found one on CL for $250 its the basic license.

Anything I should be worried about? Things to ask?

 

[AMD_Gamer]

I have been thinking about this also.

 

[Captain Colonoscopy]

If its the one with the 10-user license be warned that it will only let ten concurrent connections through it.

 

[Langly]

I've seen 50 user license asas brand new for $300-350 depending on the vendor. I just snagged one for $350 myself for a work lab. $250 is meh.

I got a 50 user one myself used fror free from a place that dumped it cause it stopped working. 10 min after I get it, Ireseat the flash card its working again.

 

[AMD_Gamer]

How does the license work. Is itjust an ios you can upgrade to get more connections?

 

[NetJunkie]

Reminds me... I need to configure my ASA5505. Haven't been motivated since my Apple Base Station is doing a good job.

 

[Captain Colonoscopy]

The license is an activation key code that you get from Cisco. If you have a 10-user license you can upgrade it to a 50 or unlimited license. You buy the license, register it and then you get a key to paste into the firewall.

 

[Langly]

The license is an activation key code that you get from Cisco. If you have a 10-user license you can upgrade it to a 50 or unlimited license. You buy the license, register it and then you get a key to paste into the firewall.

Also another note, you can enable other features into the device as well with different activation codes. More SSL vpn connections things/Anyconnect mobile etc.

 

[SpaceHonkey]

Get it - you can learn a lot with a 5505.

You'll need a memory upgrade to learn the latest code though...

 

[moose517]

i made the mistake of buyin a 10 user license version thinking it was VPN's and not connections period. ended up forking over for an unlimited user one in the end XD so make sure you get like the 50 user version if anything.

 

[AMD_Gamer]

Do the switch ports support most commands? like for CCNA/CCNP?

 

[O2Flow]

i made the mistake of buyin a 10 user license version thinking it was VPN's and not connections period. ended up forking over for an unlimited user one in the end XD so make sure you get like the 50 user version if anything.

Wait, what?

 

[Jay_2]

do ASAs see VMs are 1 license or does it see each MAC?

 

[Vito_Corleone]

Do the switch ports support most commands? like for CCNA/CCNP?

No, it's very different.

 

[AMD_Gamer]

No, it's very different.

How so

 

[Vito_Corleone]

It's a different OS.

http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html

 

[Captain Colonoscopy]

do ASAs see VMs are 1 license or does it see each MAC?

ASA sees concurrent connections. If you have a VM server with five VMs and they all try to go to the internet at once that is seen as six connections. And it stays in the table, too. If you have a printer that gets time via ntp on an external server then that counts against the user count as well. For this reason I don't sell the 10-user ASAs anymore. I've had too many clients with seven PCs and a server call and say one computer can't get out to the internet because their printers were pulling time or their switch/APs were configured for network time, too.

 

[AMD_Gamer]

It's a different OS.

http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html

So you commend learning the CLI for them or the ASDM?

My work uses an ASA 5510 but I can't really do anything with it.

 

[AMD_Gamer]

ASA sees concurrent connections. If you have a VM server with five VMs and they all try to go to the internet at once that is seen as six connections. And it stays in the table, too. If you have a printer that gets time via ntp on an external server then that counts against the user count as well. For this reason I don't sell the 10-user ASAs anymore. I've had too many clients with seven PCs and a server call and say one computer can't get out to the internet because their printers were pulling time or their switch/APs were configured for network time, too.

What if you put a router between your network and the ASA doing some kind of NAT?

 

[Vito_Corleone]

So you commend learning the CLI for them or the ASDM?

My work uses an ASA 5510 but I can't really do anything with it.

Depends who you talk to. I use the CLI, but a lot of the high-level security guys I know are moving to ASDM. They say it's better than the CLI with 8.3+. I may eventually use ASDM, but for now I'm sticking with the CLI.

 

[AMD_Gamer]

what do you guys think about this book?

http://www.amazon.com/Accidental-Ad...6622/ref=sr_1_2?ie=UTF8&qid=1309553518&sr=8-2

 

[Valnar]

I use both the CLI and ASDM. Sometimes ASDM names things in a weird way, so I take that syntax and rename it to something more understandable via the CLI. Other things are simply much easier with ASDM, like certificate requests and installing certs.

 

[Jay_2]

ASDM has come a long way. I find I use it more and more with our 5510s

 

[Tarrant64]

Please note the number of vlans supported by the 5505 is limited to I think 3 depending on the license. You have to do a "no forward" on the 5505 in order to even use 3. Not sure if you would be working a lot with vlans or not but just though I'd point that out and add some value to the conversation.

If you look up clans for 5505 this information should come right up.

 

[Tarrant64]

ASDM has come a long way. I find I use it more and more with our 5510s

Totally agree with this. We have a combination of 5505 and 5510 ASAs where I work and I have used ASDM more often lately.

 

[nitrobass24]

Ended up picking it up for $200, might upgrade to SecPlus License in the future. Ill be setting it sometime this week, so expect questions.