12/28/2022 0 Comments Cisco asa 5505 license upgrade![]() Intrigued by this, and due to needing the extra RAM for the 8.3 code, I decided to upgrade both my ASAs to 1GB as well! ![]() When I originally performed this upgrade, I found that on various forums many people had actually upgraded past the official supported amount of RAM, and upgraded their ASA 5505s to 1GB RAM. ![]() This is also the maximum officially supported amount of RAM.īuying official Cisco RAM is, as always, quite expensive, but since the ASA 5505 uses standard DDR RAM, it is actually possible to use third-party RAM in the ASA 5505. Starting from ASA 8.3, the minimum required RAM needed to run 8.3 code and newer on a 5505 is 512MB. Pretty much straight away, I wanted to upgrade to the ASA 8.3 code, which required a RAM upgrade, so I upgraded it. I was pretty lucky, as I paid under £70 for each because the seller wasn’t too sure what they were! Looking on eBay now, they are selling for around £120! □ I have two Cisco ASA 5505s in my home lab which I acquired almost two years ago from eBay. If you want a single box that combines the routing capabilities of a cisco 1941 with the firewalling capabilities of an ASA AND the layer 7 proxy capabilities (dns routing, rinetd tcp port redirect, tcp proxy, web proxy, smtp relay, etc ….Edit: 3rd June 2014 – If you are reading this post, you should check out my follow up post: Cisco ASA 9.2 on Cisco ASA 5505 with Unsupported Memory Configuration Fail. The 1841s are excellent low cost choices for networks that need 30 Mbits/sec or less of IP throughput and 10 to 12 Mbits/sec or less of total IPSEC throughput. The Cisco 1941s are very comparable to the ASA5510 in terms of throughput. If you need a router and routing protocols, use a Cisco 1941 (new), Cisco 1841 (used gear). But just because the ASA can speak OSPF does not mean it’s the right choice for routing or connecting between 2 subnets and it’s certainly a poor choice for connecting WAN and internet based private clouds.Įven if you do need to create a security policy between 2 networks (say a research and a production lan) it still may be simpler to use a router with an ACL(s) or a layer 3 switch with ACLs between VLANs than the ASA.īottom line: The ASA is a solid firewall but it’s not a router. We have found that the OSPF support is buggy in earlier 8.x releases of ASA code on the ASA5505 though. The ASA does support OSPF, so it CAN learn about routes from other OSPF speaking gateways. This makes failover between an MPLS cloud and a gre based backup cloud, or 2 gre tunnel paths 1 primary and 1 backup much quicker and simpler to administer than the raw ipsec methods. Gre + ipsec + OSPF/ EIGRP (eigrp is cisco proprietary of course)Īnd get full ip routing with a stateful protocol like BGP across your tunnel. BSD and/or cisco routers are much better choices for creating ipsec based tunnels across the internet because you can use: You also cannot use dynamic routing protocols across the ipsec tunnels that the ASA creates, which is the most serious limitation with the ASA in my mind. The Cisco ASA though cannot participate in BGP routing, which makes it impossible to use in most situations where you want to talk to an upstream service provider or use with an MPLS, or GRE tunnel based WAN or value added network. You can also use nat to nat traffic from one interface to another, and you can create static nats that do not actually nat, but keep state on the connections and pass the traffic w/o changing the addresses or ports. If you set 2 networks on the Cisco ASA to have the same security zone, you can permit traffic to pass between the interfaces with the same-security-traffic permit inter-interface command. The ASA is NOTa router, though and while you can do things on the ASA that can make it act something like a router it is important to understand the differences between true routing and what the ASA actually does. Note: If you purchase Cisco ASA 5505, please verify the package contents.Ĭisco ASA 5505 Quick Start Guide: Verifying the Package Contents, Installing the Chassis, Powering on and Verifying Interface Connectivity, Initial Configuration Considerations, Launching ASDM, Running the Startup Wizard, (Optional) Allowing Access to Public Servers Behind the ASA…more detailed info of Cisco asa 5505 start tutorial you can visit: The ASA 5510 model has mutiple ethernet ports as well, but these are layer3 firewall ports, not bridge/switch ports like in the Cisco ASA 5505. If you have an advanced license that allows for DMZs to be created then you can use the physical ports on the back of the ASA as dmzs for things like servers, guest wireless networks, etc. The other 6 ports are simply switch ports that can be placed in the private or outside vlan. The ASA 5505 has 8 ports, but in the base license only 2 vlans can be created.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |