Cisco (ASA 5505) - LAN user limit and upgrading?

[Psychor]

Hi,

I might be picking up a Cisco ASA 5505 for my home network and I had a couple of questions that I was hoping someone familiar with Cisco products might be able to answer.

(1) One ASA 5505 bundle I was looking at listed a 10 LAN user limit. Would any and all devices attached to the network that are assigned an IP fall under this limit? I have network attached UPS devices and a bunch of the other small crap so hitting 10 wouldn't be that difficult. In terms of actual PCs I would only have 3-4. I realize Cisco also sells a 50 user bundle.

(2) From what I understand the ASA 5505 comes with a 90 day warranty period. But this is evidently from when it was shipped to the reseller and not to me. Is this true?

(3) During the 90 day warranty period can I upgrade to the latest firmware for free or do I need to buy SmartNet account?

Thanks!

 

[mattjw916]

You'll need some sort of service agreement with Cisco, i.e. Smartnet, in order to access the software upgrades (outside the 90 days). You may be able to get them from your reseller though. Generally new-in-box Cisco devices don't show up with the bleeding edge release loaded; you probably won't need the features anyway. If you want hardware support beyond the original warranty you'll also need a contract.

Most of this is really overkill for home use.

If cost is an issue but still want to use a Cisco firewall you can always pick up a PIX525 or something on eBay. Also, unless you are well-versed in the operation of ASAs (it's not the same as an IOS device) the config will be a bit overwhelming at first. ASDM is good for people who are new to Cisco firewalls although it's a bit clunky IMO.

 

[Psychor]

You'll need some sort of service agreement with Cisco, i.e. Smartnet, in order to access the software upgrades (outside the 90 days)

But while still within the first 90 days I can access firmware updates for free? If so that's great.

 

[calvinj]

But while still within the first 90 days I can access firmware updates for free? If so that's great.

0 days or 90 days I think you need the smartnet either way. You need a cco login to gain access to the software and that smartnet agreement gives you the rights to that.

 

[SpaceHonkey]

You need a smartnet to get downloads.

10 simultaneous users.

I did the same thing as you are thinking about recently. I purchased a 5505 (10 user) through CDW and got the smartnet contract ($71/yr). Haven't had any problems with simultaneous connections, but I only have a small number of clients.

 

[Psychor]

You need a smartnet to get downloads.

10 simultaneous users.

I did the same thing as you are thinking about recently. I purchased a 5505 (10 user) through CDW and got the smartnet contract ($71/yr). Haven't had any problems with simultaneous connections, but I only have a small number of clients.

How have you found the unit? Likes, dislikes, etc. I had a DLINK DIR-655 and moved to a DrayTek 2950G but that was a mistake. The DrayTek is going back.

 

[SpaceHonkey]

Actually - I love it! The only downside is the learning curve if you've never worked with ASA/PIX devices. It was pretty intense for me but I've learned alot. The original reason I got it was to learn with, as I've got to learn to tame our yet-to-be-deployed ASA 5520s at work (to replace PIX 515s). Having a hardware VPN device has come in very handy, AnyConnect works on all my clients (Win/Mac/Linux[haven't tried yet]). The SSL reverse proxy is slick for simple stuff too. If you find that you've run out of connections, you can always put another NAT'ed device (like your old router) to get some more use out of a single connection.

I wish I could justify the expensive image for the 5505, as I think it lets you get around the 3 VLAN limit, though I believe all 5505s have to be configured using VLANs as opposed to giving the interfaces IPs. I'll defer that to the experts/google, but I can say that only 3 VLANs (inside, outside, DMZ) can be limiting if you're wanting to do advanced stuff.

Edit: Also, I think you may have to have the security+ image for dual ISP support, and I don't think it can load balance them. Again - I'll defer to the experts.