Cisco ASA5505 Security Device Bundle, ASA5505-BUN-K9 - Home Lab?

Brain_PowerBrain_Power Users Awaiting Email Confirmation Posts: 163
in CCNA Security
Cisco ASA5505 includes 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot. Includes a 10-user license.

Is this a good addition to a home lab for CCNA Security?

What about for CCNP Security? Will ASA5505 work or do I need to upgrade to ASA5510?
· Share on FacebookShare on Twitter

Comments

  • vishaw1986vishaw1986 Member Posts: 40 ■■□□□□□□□□
    Hey Brain ,

    ASA 5505 is just the replacement of PIX501 , u can do the VPN testing testing and many more , but the thing in which u are lagging with this model includes making the contexts (virtual firewalls ), stateful failover , it [FONT=Verdana, Arial, Helvetica, sans-serif] does not support the Inturison detection and prevention , antivirus , file content inspetion . So you should think accordingly .[/FONT]
    · Share on FacebookShare on Twitter
  • doverdover Member Posts: 184 ■■■■□□□□□□
    Hey Brain_power

    From what I remember of the CCNA Security you don't touch the ASA (although the blueprint may have changed). CCNA Sec focuses on the Security Device Manager and securing routers, switches and using the router IOS based firewall (zone based and CBAC), IPS and VPNs. Your home lab setup looks more than sufficient for CCNA Sec if you've got the router IOS's with the advanced feature sets.

    If you're going to move on to CCNP Sec and really want the physical hardware I'd say hold out for two 5510's with the sec plus license so you can do most of the labs. The 5505 is a cool device and you can use it for quite a bit of labbing and configuration basics but Vishaw is right - you'll need the more advanced (expensive) models to do things like active/active failover, multiple contexts, etc.

    If money is an issue - and it always is - look into GNS3 and simulating a more advanced ASA in Qemu. Google will walk you through it.

    One thing though - you CAN add an IPS module into a 5505. Its called an AIP-SSC 5 and it does run the full-blown IPS 7 software. Been thinking about it myself for the IPS exam prep.

    Good luck
    · Share on FacebookShare on Twitter
  • spd3432spd3432 Member Posts: 224
    dover,

    553 is sdm but it expires end of next month. 554 has ccp and asa.
    ----CCNP goal----
    Route [ ] Studying
    Switch [ ] Next
    Tshoot [ ] Eventually
    · Share on FacebookShare on Twitter
  • zrockstarzrockstar Member Posts: 378
    vishaw1986 wrote: »
    Hey Brain ,

    ASA 5505 is just the replacement of PIX501 , u can do the VPN testing testing and many more , but the thing in which u are lagging with this model includes making the contexts (virtual firewalls ), stateful failover , it does not support the Inturison detection and prevention , antivirus , file content inspetion . So you should think accordingly .

    I don't know about for CCNP, but I don't think you have to do these for CCNA: Sec. From what I can tell from the objectives they are looking for ASA implementation, and SSL VPN through ASA. I haven't got to the ASA chapters in the official cert guide yet, but I don't think it is going to have us do IDS on antivirus, I could be wrong though.
    · Share on FacebookShare on Twitter
  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    They're taking SDM completely off the 554 and implementing the ASA. They just released books on amazon.com Amazon.com: CCNA Security 640-554 Official Cert Guide (Official Certificate Guide) (9781587204463): Keith Barker, Scott Morris: Books

    To the OP; an ASA5510 would be a bit expensive to have at home. The CCNA:Sec you could probably get away with just reading the book.
    2017 Certification Goals:
    CCNP R/S
    · Share on FacebookShare on Twitter
  • Brain_PowerBrain_Power Users Awaiting Email Confirmation Posts: 163
    What size RAM and flash do you recommend?

    RAM: 512MB or 256MB

    FLASH: 128MB or 64MB

    Cisco ASA 5500 Series Adaptive Security Appliances Compare Models - Cisco Systems

    Memory Requirements for the Cisco ASA Adaptive Security Appliances Software Version 8.3 and Later* [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems

    I found different models on eBay and wanted to ensure I buy the right one.
    · Share on FacebookShare on Twitter
  • Brain_PowerBrain_Power Users Awaiting Email Confirmation Posts: 163
    Nevermind, just picked up this one off ebay.



    Manufacturer:

    Cisco Systems




    Type:

    Security Appliance



    Form Factor:

    External



    Connectivity Technology:

    Wired



    Data Link Protocol:

    Ethernet , Fast Ethernet



    Data Transfer Rate:

    100 Mbps



    Features:

    DMZ port , Firewall protection , Power over Ethernet (PoE) , VLAN support , VPN support , Wall mountable



    Flash Memory Installed Size:

    128 MB



    RAM Installed Size:

    512 MB



    Network Transport Protocol:

    IPSec



    Ports Qty:

    8



    Power Over Ethernet (PoE):

    Yes



    License Qty:

    10 Users, 10 IPsec VPN peers, 2 SSL VPN peers



    Compliant Standards:

    AS/NZ 3548 Class B , CE , CISPR 22 Class B , CSA 22.2 No. 60950 , EN 60950 , EN 61000-3-2 , EN 61000-3-3 , EN55022 Class B , FCC Class B certified , FCC Part 15 , IEC 60950 , UL 60950 , VCCI Class B ITE



    Encryption Algorithm:

    AES , DES , SSL , Triple DES



    Slot:

    1 Expansion Slot



    Power:

    AC 120/230 V ( 50/60 Hz )



    Rack Mounting Kit:

    Optional


    · Share on FacebookShare on Twitter
Sign In or Register to comment.