Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA model and setup question

Status
Not open for further replies.
skk391

skk391

Technical User
Mar 3, 2009
332
GB
Hi,

Not new to this site, but new to this forum. There could be a opportunity to move from Microsoft ISA firewall to a Cisco ASA firewall. Just wanted to ask if there is such a product that will allow two adsl connections so that I can have some redunacy built in ?

I am a ccna & a ccna security but never had the chance to get my hands dirty with ASA this might chance now. How difficult is it setup an ASA? Does it come with a SDM type product so that I could get it configured and then play with the command line later ?

Just want to get a idea of how good the ASA product range is. Probadly be getting an ASA 5505 to start with.
 
Sort by date Sort by votes
Yep, the ASA allows you to have two 'Outside' connections and will switch between them if the 'primary' one fails, however the 'secondary' one will not be used unless there is a failure so no load-balancing.
It does this using IP SLA to ping a device over an interface (i.e. Outside-1) and then using the result (ping OK or not) to influence the default-route selection. Its very easy to set up and I have configured it for several customers. Typically there is a SDSL or Ethernet connection to an ISP and then a 'backup' ADSL connection.

I actually use both a hardware firewall (Cisco IOS router with Firewall feature set) and MS ISA as a proxy.

HTH

Andy
 
Upvote 0 Downvote
Not to put you off CISCO ASAs - they are great, but to be honest, Watchguard do fail over and policy basd routing a lot better....

have a look at their new UTM devices.

ACSS - SME
 
Upvote 0 Downvote
True and to be honest I don't use the ASA personally as I am only supporting a limited number of users. The IOS firewall is pretty solid and if you have a Cisco router fronting your ISP connections then why bother with an ASA at all? I don't, I use a Cisco router and it handles security (NAT, IP Inspection and the Firewall feature set - so application inspection for everything the ASA supports I think?) and VPN for remote users - L2TP/IPSec & WEB-VPN for clientless connections....
I just know you if this is an employment learning excercise then learning the ASA is probably more beneficail than Watchguard.....

Andy
 
Upvote 0 Downvote
Thanks for the valuable information guys. Iv got another small network were I have setup a Cisco router and configured cbac firewall etc and it works fine and I'm happy with it. I just wanted to get some experience with asa. I also wanted to use its vpn capabilities and to use this redundancy that you speak about, this will be the real selling point when I pitch it to management. The asa is a product designed for firewalling and vpning and thanks why I would like to implement it. Also looks good on c.v!
 
Upvote 0 Downvote
Hi,

Does anyone know which model I need within the ASA 5505 range to be able to take advantage of the ADSL failover?

I would like to order one for testing and to implement on our network at a later stage but am unsure on what model I need.

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
584
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
521
intel233
intel233
gkreg
  • Locked
  • Question
asa 5500-x url filtering
Replies
0
Views
396
gkreg
gkreg
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
565
intel233
intel233
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
279
AllenH12
AllenH12

Part and Inventory Search

Sponsor

Back
Top