Cisco Firewalls: ASA 5505 or 5512?

Deathmage

Hello,

So I've found some decent pricing of less than $100 for a Cisco 5512 online and well 5505's are less than $50 on ebay so that's nuff said.

But I've seen posts on here that the CCNA: Security is slated for a refresh soon, with that being said would a 5505 be enough, even after the exam refresh?

I'd like to setup a DMZ at home segregating the home network from the Cisco network across my Sonicwall being the primary and then a pass-through or direction connection into a ASA series firewall for the Cisco/VMware/Microsoft Lab once I start using that more heavily.

jamthat

Can you share where you're seeing 5512's for $100???

Deathmage

jamthat wrote: »

Can you share where you're seeing 5512's for $100???

Technically it's a private listing from a guy I know at Intel in NYC (we went to college together), but I told him I'd think about it for today, he messaged me last night on Facebook and saw my home-lab and wanted to see if I wanted it before he sold it on ebay.. just can't decide if the 5512 or the 5505 would be sufficient. One might be complete overkill over the other.

devils_haircut

You don't really even need an ASA for the CCNA: Security stuff, unless that's changing on the new exam.

What are the memory/flash specs on the two? You might run into IOS version limitations based on the amount of RAM and flash space of the models. For example, the 5505 will run ASA 9.1 with only 256 MB of RAM. The 5505 requires 512 MB or higher to run 9.2 and above.

Cisco ASA IOS Compatibility Guide

jahsoul

If you can get a 5512 for $100 bucks, take that and run. There is nothing wrong with overkill, and it's always better to have newer, but that's just my opinion.

nelson8403

I'd ask about the licensing beforehand, if they are all the same I'd go with the 5512, is it the 5512-x? You may also want to look at the new 5506-x, they're only about 600 new and are part of the new firepower series.

d4nz1g

if they added NGFW to the test, then 5505 won't be enough.
but ASA's in general are very entertaining.

edit: get the 5512...you will get way more features from it than you would get from the 5505. and if you get 2 of them, I believe they support failover clustering.

alan2308

devils_haircut wrote: »

You don't really even need an ASA for the CCNA: Security stuff, unless that's changing on the new exam.

There is definitely ASA stuff on the 640-554. Sure its all ASDM based, and you could probably just walk through everything in demo mode, but how are you going to verify that what you did works? With all the complaining in the CCNA Security section lately about how there's supposedly a ton of questions that aren't covered in the exam objectives and the ridiculously high passing score, I would highly recommend not leaving anything to chance and study everything.

Legacy User

devils_haircut wrote: »

You don't really even need an ASA for the CCNA: Security stuff, unless that's changing on the new exam.

What are the memory/flash specs on the two? You might run into IOS version limitations based on the amount of RAM and flash space of the models. For example, the 5505 will run ASA 9.1 with only 256 MB of RAM. The 5505 requires 512 MB or higher to run 9.2 and above.

Cisco ASA IOS Compatibility Guide

The dram 512 upgrade for an asa5505 is around $10 each online so upgrading the memory is an inexpensive option. But 5512 for $100 I'd say jump on it but check the licensing beforehand.

Deathmage

the 5512 arrived this evening via UPS and I will unbox it this weekend, outside of the scope of what I need for the lab right now. I normally rack my stuff when I get bored. ICDN2 study is my main focus right now...