ASA 5505 instead of a 5510?

Roguetadhg

So Im looking to buy an ASA. I bought the CCNA:Security lab manual (1.1). It's using the ASA 5510.

Do you think I can get away with using the 5505?


I've searched on the websites for the differences- but all I can discern is that the 5510 has an IPS module. ...which in all fairness isn't any different than what the OCG is telling me.

The difference (used) is just $1000. Ya know.

Edit: Comparison- http://www.cisco.com/en/US/products/ps6120/prod_models_home.html



Cisco ASA 5500 Series¹

Part Number



Cisco ASA 5505 Appliance with 10-User Firewall License, 8 FE

ASA5505-BUN-K9



Cisco ASA 5505 Appliance with 50-User Firewall License, 8 FE

ASA5505-50-BUN-K9



Cisco ASA 5505 Appliance with SW, Unlimited Users, 8 FE

ASA5505-UL-BUN-K9



Cisco ASA 5505 Appliance with Unrestricted Firewall License, Security Plus, 8 FE

ASA5505-SEC-BUN-K9



Cisco ASA 5510 Appliance with 5FE

ASA5510-BUN-K9



Cisco ASA 5510 Appliance with Security Plus, 2GE, 3FE

ASA5510-SEC-BUN-K9

drkat

No real difference except the license and IPS and supported vpn connections but for labbing a 5505 is fine..

veritas_libertas

As I understand it, the 5505 is fine for the CCNA:Security.

RouteMyPacket

veritas_libertas wrote: »

As I understand it, the 5505 is fine for the CCNA:Security.

I agree, I am going the security route and asked this same question and even though I will purchase a 5510 (later 2) the the consensus is that a 5505 will carry you through CCNA-S, only in the later stages will you require 5510 for multi context, IDS/IPS/HA

Someone please correct me if I am off base with that assumption.

Roguetadhg

It makes sense, RouteMyPacket.

On the certificationkit site, they list the 5505 under their "premium" ccna kit.

For the CCSP, a 5510, 5505 and a PIX 506. Although, I'm not sure if they've updated the CCSP kit as it's "CCNP:Security" now.

spiderjericho

Doesn't the 5510 and up have a specific type of failover/redundancy that is tested on the CCNP Security? Couldn't you just use GNS3?

spiderjericho

Here's a comparison off the Cisco site:

Cisco ASA 5500 Series Adaptive Security Appliances Compare Models - Cisco Systems

It seems like you'd probably run into issues with CCNP Security, possibly the Firewall and IPS. I know of people who just used GNS3.

Nothing wrong with buying one to play with but if you plan on moving up it'll probably make more sense to use GNS3 or a rack rental.

YFZblu

I bit the bullet today and bought the ASA 5505 - Looking forward to this!

SteveO86

GNS3 cannot run any of the newer ASA code, only 8.0(2) -If I remember correctly.

A 5505 will be good for CCNA-S, with the CCNP-S the 5505 doesn't cut it because of the High Available (Active/Standby requirements)

The new CCNP-S track focuses on ASA 8.4 code - For FIREWALLv2 and VPNv2 exams. So PIX is not covered on CCNP-S nowadays.

spiderjericho

They have 8.4 and ASDM running on GNS3. Just did a Google and have seen numerous threads on several forums.

I recall a thread on this forum in which someone passed the firewall exam recently using simply GNS3.

I wouldn't be surprised of they somehow get IOS 15 on this resilient program.

Iristheangel

I got lucky. We ordered a 5505 for a site that didn't end up using it so I have it sitting on my desk at work for play. I doubt I'll get that lucky if I go the CCNP:Security route and need some more hardware.

YFZblu

^ The benefits of being a Network Engineer I suppose

I briefly looked away from the computer screen as I selected 'place order' for a device that cost nearly as much as my entire current lab...

Iristheangel

I didn't really originally count on it. I ended up buying this before the ASA 5505 landed in my lap. It's not bad:
ProfSIMS Cisco Simulator Main Page (NetworkSims.com)

Roguetadhg

Where did you order your 5505, YFZblue?
Irish is just a show off. I mean, look at all those CIW certs! She'll be able to javascript whole NES games by the time Christmas comes!

As far as doing ASA on the GNS3, it has problems working. I just don't want a matter of "It doesn't work because of GNS3"!

I got the CCNA:Security Version 1.1 lab manual. It's calling for the 5510, whereas the book, the 5505 is what's used. Arrr Matey!

veritas_libertas

I feel the same way about running an ASA through GNS3. I'm waiting for a good deal on eBay. Does anyone know of a simulator for the ASA5510s?

Roguetadhg

Iris' link is pretty darn spectacular. It lists PIX & ASA. But I've never used it, so I don't know how close it is. Needless to say, I have high hopes.

YFZblu

Roguetadhg wrote: »

Where did you order your 5505, YFZblue?
Irish is just a show off. I mean, look at all those CIW certs! She'll be able to javascript whole NES games by the time Christmas comes!

As far as doing ASA on the GNS3, it has problems working. I just don't want a matter of "It doesn't work because of GNS3"!

I got the CCNA:Security Version 1.1 lab manual. It's calling for the 5510, whereas the book, the 5505 is what's used. Arrr Matey!

I ended up going the Amazon route. My wife is an accountant for a reseller, so my future purchases will have some type of employee discount hopefully Unfortunately she just started at this place and really didn't feel comfortable asking yet.

veritas_libertas

Roguetadhg wrote: »

Iris' link is pretty darn spectacular. It lists PIX & ASA. But I've never used it, so I don't know how close it is. Needless to say, I have high hopes.

I'm wondering how much it can do ASA wise. I'm noticing that it focuses on the PIX.

@Iris: Please tell us if this lets us use ASA5510 features? It looks neat for sure.

RouteMyPacket

spiderjericho wrote: »

They have 8.4 and ASDM running on GNS3. Just did a Google and have seen numerous threads on several forums.

I recall a thread on this forum in which someone passed the firewall exam recently using simply GNS3.

I wouldn't be surprised of they somehow get IOS 15 on this resilient program.

Yes, I am running the latest SW in GNS3 for ASA, no problem

YFZblu

I was looking into the IPS module to insert into the 5505 - Well over $1,000 - Woof!

SteveO86

YFZblu wrote: »

I was looking into the IPS module to insert into the 5505 - Well over $1,000 - Woof!

They are now EOL/EOS I beleive so the prices should drop on them soon enough.

BroadcastStorm

Here's the features enabled on the ASA 5505 security license, and one of them is for active/standby.

There are key gen to get security plus if you only have base license.
Licensed features for this platform:

Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual

This platform has an ASA 5505 Security Plus license.

Toney_1819

Gns3 uses asdm and asa 8.4 as well.

QHalo

Wow, they changed CCNA Security around huh? ASA's were not needed when I took this.

shufflah

How did you find that networksims.com package iris? that looks like rather good value for those of us after a CCNA:Security. Cheaper that just the ASA 5505 let alone the rest of the lab.