Asa 5510

rwwest7

I was recently given a Cisco ASA 5510 (for free!!:)). I know it's a pretty bad arse piece of equipment. My question is, should I even fire this thing up for my CCNA studies or should I just tuck it away for later NP studies? From what I gather it's a VPN/Firewall with failover, can it also be used as a router?

I'm ordering a couple books off of Amazon to learn how to configure it, I'm just wondering if it'll take me too far off topic from CCNA material.

captobvious

Great score! Free is the best.

Might be good for the CCSP track, you don't even need one for the CCNA:S track although the exam certification guide does a great job of trying to sell you one.

chrisone

Yeah you dont need it right now for CCNA, it will only confuse you while you study for the CCNA. Firewall concepts are a bit different from routing concepts, actually they are totally different.

Having it and playing with it will get you some experience along with a ASA book. Here are a couple i recommend. Amazon.com: Cisco ASA Configuration (Networking Professional's Library) (9780071622691): Richard Deal: Books

Amazon.com: Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition) (9781587058196): Jazib Frahim, Omar Santos: Books

However many of these topics are way far advanced than the CCNA. If you dont understand CCNA routing and switching, you probably wont understand what you read in these ASA books. However with proper study and dedication to the CCNA and then onto the ASA studies, its only a matter of time until you get the idea and hang of things.

However why wait? i will buy that ASA5510 off you for 500 bucks

tiersten

It won't be necessary for CCENT/CCNA but keep it around. If you ever do anything further then you may find it useful. If nothing else, it is something nice to play around with.

You'll experience the oddities of the Cisco product portfolio where the firewalls don't run IOS but still have an IOSish interface and operate differently than the IOS router firewalls...

If you're more interested in the actual architecture of the box then it is a reasonably standard x86 archiecture but with a custom bootloader. People have managed to emulate the ASA hardware sufficiently that an ASA/PIX image will boot on it but there are some caveats and bugs still.

ColbyG

Sell it. You won't need it for the NA or NP exams. If you decide to go for the CCSP you could pick up a 5505 for much cheaper. I would sell it and use the money towards some routers, or a nice Dynamips server, and switches.

kalebksp

ColbyNA wrote: »

Sell it. You won't need it for the NA or NP exams. If you decide to go for the CCSP you could pick up a 5505 for much cheaper. I would sell it and use the money towards some routers, or a nice Dynamips server, and switches.

I agree with you that the cash would be more helpful at this point, but depending on how he got the ASA for free that could be kind of a d-bag move.

ColbyG

kalebksp wrote: »

I agree with you that the cash would be more helpful at this point, but depending on how he got the ASA for free that could be kind of a d-bag move.

Could be. I would probably try to sell it regardless though. That's a pricey piece of gear that isn't of much use to him.

Turgon

rwwest7 wrote: »

I was recently given a Cisco ASA 5510 (for free!!:)). I know it's a pretty bad arse piece of equipment. My question is, should I even fire this thing up for my CCNA studies or should I just tuck it away for later NP studies? From what I gather it's a VPN/Firewall with failover, can it also be used as a router?

I'm ordering a couple books off of Amazon to learn how to configure it, I'm just wondering if it'll take me too far off topic from CCNA material.

I would hang onto it quite frankly. If you switch jobs or get laid off and have to go looking for a new gig it's a buyers market and they are looking for everything in an applicant. Knowing your way around an ASA would be a good thing.

ColbyG

Turgon wrote: »

I would hang onto it quite frankly. If you switch jobs or get laid off and have to go looking for a new gig it's a buyers market and they are looking for everything in an applicant. Knowing your way around an ASA would be a good thing.

You wouldn't consider selling it, buying a 5505 and pocketing the extra?

Edit: So I got negative rep for this post as it's apparently "rude + greedy", haha. Some of you guys are acting like he was given a family heirloom here.

To clarify what I'm saying, if the giver would be insulted, then fine, keep it. But if it was given to help the OP with his studies, I'm sure the giver would understand that this device is not of much use for him right now, and overkill for most future studies. IMO, it would be better to sell the 5510 and build a nice lab with the proceeds. If firewall experience is needed a 5505 will be a much cheaper choice.

Turgon

ColbyNA wrote: »

You wouldn't consider selling it, buying a 5505 and pocketing the extra?

Edit: So I got negative rep for this post as it's apparently "rude + greedy", haha. Some of you guys are acting like he was given a family heirloom here.

To clarify what I'm saying, if the giver would be insulted, then fine, keep it. But if it was given to help the OP with his studies, I'm sure the giver would understand that this device is not of much use for him right now, and overkill for most future studies. IMO, it would be better to sell the 5510 and build a nice lab with the proceeds. If firewall experience is needed a 5505 will be a much cheaper choice.

I dont know about the negative rep. I had nothing to do with that. Regarding the options you may well be right. Either way having access to an ASA will serve you well.

kalebksp

ColbyNA wrote: »

You wouldn't consider selling it, buying a 5505 and pocketing the extra?

Edit: So I got negative rep for this post as it's apparently "rude + greedy", haha. Some of you guys are acting like he was given a family heirloom here.

To clarify what I'm saying, if the giver would be insulted, then fine, keep it. But if it was given to help the OP with his studies, I'm sure the giver would understand that this device is not of much use for him right now, and overkill for most future studies. IMO, it would be better to sell the 5510 and build a nice lab with the proceeds. If firewall experience is needed a 5505 will be a much cheaper choice.

FYI, it wasn't me either. Kind of a silly thing to give neg rep for.

ColbyG

I wasn't trying to point the finger at anyone. I just wanted to clarify what I meant. I think it's a tad silly too.

Either way, I hope the OP finds a use for it, whether he keeps it to tinker with or sells it and builds a nice R&S lab.

chrisone

I agree , if you wish to sell it you can get a nice almost complete CCNP/CCIE R&S lab for it. If you want firewall experience you can always buy an ASA 5505 for 300 bucks off ebay. Firewall wont have much help in a CCNA or CCNP lab.

Turgon

ColbyNA wrote: »

I wasn't trying to point the finger at anyone. I just wanted to clarify what I meant. I think it's a tad silly too.

Either way, I hope the OP finds a use for it, whether he keeps it to tinker with or sells it and builds a nice R&S lab.

No worries on my part. Personally I think differences of opinion are a very healthy thing. One can learn something from them, or at least they offer an opportunity to look at things in a different way which can be very useful indeed. We are all busy people giving our time freely here and may not have time to consider everything. No need to be **** about things and mark someone down.

Turgon

chrisone wrote: »

I agree , if you wish to sell it you can get a nice almost complete CCNP/CCIE R&S lab for it. If you want firewall experience you can always buy an ASA 5505 for 300 bucks off ebay. Firewall wont have much help in a CCNA or CCNP lab.

Fair comment. I would still advise the CCNP wannabe to get access to a firewall though. There is a perception out there that CCNP level obviously includes firewall knowledge and experience. The cert blueprint defies that but the perception is out there.

chrisone

Turgon wrote: »

Fair comment. I would still advise the CCNP wannabe to get access to a firewall though. There is a perception out there that CCNP level obviously includes firewall knowledge and experience. The cert blueprint defies that but the perception is out there.

not only do they expect firewall / security expertise, they also expect wireless and voip expertise as well. Perhaps not expertise but some degree of knowledge.

ColbyG

Turgon wrote: »

Fair comment. I would still advise the CCNP wannabe to get access to a firewall though. There is a perception out there that CCNP level obviously includes firewall knowledge and experience. The cert blueprint defies that but the perception is out there.

Yea, anyone planning to be a network engineer (in a Cisco shop) should have some firewall experience, IMO. Nearly all of my networking positions have had some exposure to firewalls. I picked up a 5505 to play with a year or so ago, it was definitely beneficial. I used it at home for awhile, but went back to a trusty router.

FWIW, Dynamips can run ASAs now, so that's an easy way to get some experience for anyone who doesn't want to spend the money on physical gear.

Turgon

chrisone wrote: »

not only do they expect firewall / security expertise, they also expect wireless and voip expertise as well. Perhaps not expertise but some degree of knowledge.

Of course. There is an increasing demand on support professionals. Inversely proportional to the paycheck it seems!

chrisone

Well aside from the ASA / Firewall demand. I believe the current CCNP is perfect in teaching routing and switching professionals what they need to know to support a network that has voice and wireless. It also does great with teaching some aspects of security. The current CCNP show how to properly configure QOS for voice, how to calculate the bandwidth, and how to support a wireless network. Sadly that is all going away soon with the revamped edition of the CCNP. Not sure where its going but it seems like the QOS, Voice, and Wireless will be stripped from the CCNP.

Turgon

chrisone wrote: »

Well aside from the ASA / Firewall demand. I believe the current CCNP is perfect in teaching routing and switching professionals what they need to know to support a network that has voice and wireless. It also does great with teaching some aspects of security. The current CCNP show how to properly configure QOS for voice, how to calculate the bandwidth, and how to support a wireless network. Sadly that is all going away soon with the revamped edition of the CCNP. Not sure where its going but it seems like the QOS, Voice, and Wireless will be stripped from the CCNP.

Personally I think it's a shame. Most network professionals need to be well rounded and a CCNP carried out on personal time is about as big a commitment as many can take on if the job is busy and you have family life waiting after work. So some opportunities to get insights or just a feel of these things along the way of the CCNP is a good thing. Without increasing time on works time to immerse in learning, the specializations and certifications just run away from all but the most determined candidates. I think partners have the edge here. Some impetus inhouse to obtain credentials on works time. Usually, but not always as there is work to do.

msteinhilber

I wouldn't have any bad feelings over selling the 5510 and buying a 5505, that's what I would do in that situation. When one of our PIX 506's died at the office we replaced it with an ASA 5510 with the IPS module. I wanted to learn more about them without toying on our production environment so I picked up an open-box ASA 5505 from Newegg for a great price. I run the 5505 for my home network and I can mess around on there and then apply what I've learned from there to the office. The only thing my budget wasn't big enough for was an IPS module for my ASA but the documentation on the Cisco site was pretty straight forward in getting the IPS module working in the 5510 at the office.

I say go for it and sell it and pickup a 5505 if you desire firewall experience (it's not at all bad to have). The 5510 is overkill for lab use and wouldn't be practical IMO to run 24-7 considering your cooling a Celeron 1.6ghz in a 1U chassis which probably isn't very quiet (never had ours powered up outside of our server room so I'm not sure exactly how loud) and would waste a lot more energy than the power friendly Geode CPU in the 5505. Take the rest of the money and stick it into something you'll further benefit from.

mgeorge

depending on rather or not it had a security plus license on it, it could be worth up to 2k, i'd sell that puppy and buy a nice rack for ccna/ccnp studies.

You can always emulate a pix on GNS3/Pemu. And if you're not going into the security track (ccsp/ccie security) then its going to be pretty useless.

I'm sure he'd have better use out of some 2651xm's or 3725's, 3550's (possibly 3560's)

rwwest7

mgeorge wrote: »

depending on rather or not it had a security plus license on it, it could be worth up to 2k, i'd sell that puppy and buy a nice rack for ccna/ccnp studies.

You can always emulate a pix on GNS3/Pemu. And if you're not going into the security track (ccsp/ccie security) then its going to be pretty useless.

I'm sure he'd have better use out of some 2651xm's or 3725's, 3550's (possibly 3560's)

That's one of the problems, I have no idea what it's worth. I guess I could post a show ver or something. But the range of prices on eBay is crazy. The guy who gave it to me probably wouldn't care. A factory was closing and he was the person who "gutted" the building.

What's the most important thing to know about it for value?

ColbyG

The license is most important, and any modules with it.

rwwest7

ColbyNA wrote: »

The license is most important, and any modules with it.

Thanks Colby, that's what I was afraid of though. It looks like this thing just has a base license. Here's the show ver:

ciscoasa up 4 mins 24 secs
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001a.e268.5b6a, irq 9
1: Ext: Ethernet0/1 : address is 001a.e268.5b6b, irq 9
2: Ext: Ethernet0/2 : address is 001a.e268.5b6c, irq 9
3: Ext: Ethernet0/3 : address is 001a.e268.5b6d, irq 9
4: Ext: Management0/0 : address is 001a.e268.5b69, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.

tiersten

rwwest7 wrote: »

Thanks Colby, that's what I was afraid of though. It looks like this thing just has a base license.

You've got an ASA 5510 with the base license and no SSM. It is still valuable but obviously not as much as if it came with the Sec Plus license or a SSM of some kind.

rwwest7

tiersten wrote: »

You've got an ASA 5510 with the base license and no SSM. It is still valuable but obviously not as much as if it came with the Sec Plus license or a SSM of some kind.

I think I'm just going to hang on to it then, add it to my lab. Earlier this week I forgot to reschedule my ICND2 test so I was forced to attempt it, and I actually passed! Started out with an MODERATED sim that I spent 20 minutes on so the rest of the test I was rushing but I made it through. Cisco is one evil test giver!!

My next goal is CCNA:Security then on to CCNP. Here's my current rack:

2950 24 prt
2610XM w/ WIC 1T and 1FE-TX modules
2501
2501
ASA 5510

I'm planning to add a 3550 EMI shortly. Is there something better I should add right now besides a 3550? I'm trying not to go over about $300 on my next lab purchase (my little reward to myself for becoming CCNA ).

ColbyG

That thing is still worth a good amount of money, more than enough to put together a respectable R&S lab.

For your lab, are you going to use Dynamips at all? If so, all you need are a few more switches. If not, you'll need more and better routers. More 2600XMs or some 3640s. 3-5 routers that can run 12.4 should be good.

rwwest7

If I sold this thing for $1,000 would I be giving someone a great deal? This ones going on eBay right now and it's almost exactly what I have:

Cisco ASA 5510 Adaptive Security Appliance / Firewall - eBay (item 260534728358 end time Jan-14-10 19:29:19 PST)

ColbyG

$1000 would be a very good deal, probably too good on your end. You'd be leaving some money on the table.

rwwest7

Thanks to everyone for the advice! I just put this on ebay for $1250 and it sold in less than 5 minutes. Must've been a good deal I guess. (the person who gave it to me doesn't mind as long as I spend the proceeds on Cisco lab equipment)

Now I just need to figure out the best way to spend the proceeds after Paypal and ebay take their cut. Will be picking up an ASA 5505. Do all models of the 5505 support SSL VPN connections? That's something I really want to learn about. Any advice/warnings on the 5505s would be greatly appreciated.