Required ASAs

sendalotsendalot Posts: 328Member
So for VPN portion of CCNP - Security, what kind of ASAs do I need?

Would a couple of ASA5505 with additional licensing do?

Thanks.

Comments

  • I think so.
    Base license would be enough.
  • gregorio323gregorio323 Posts: 201Member ■■■□□□□□□□
    sendalot wrote: »
    So for VPN portion of CCNP - Security, what kind of ASAs do I need?

    Would a couple of ASA5505 with additional licensing do?

    Thanks.

    I'd definitely get the Security Plus License
  • RouteMyPacketRouteMyPacket Posts: 1,104Member
    I'd definitely get the Security Plus License

    Security Plus is needed for HA/Multiple Contexts etc.. which will be covered in FIREWALL, VPN can be practiced via GNS3 with VPN Plus License

    If you are keeping it real world, dual 5510's with Security Plus is what you need.
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • sendalotsendalot Posts: 328Member
    Can I just get another 5505 than to get one or two of 5510s? single 5510 costs a fortune...lol....
  • TheNewITGuyTheNewITGuy Posts: 169Member ■■■■□□□□□□
    I'll get you 5510 with sec+ for $1450 each :)
  • sendalotsendalot Posts: 328Member
    Where did you get the quote?
  • RouteMyPacketRouteMyPacket Posts: 1,104Member
    sendalot wrote: »
    Can I just get another 5505 than to get one or two of 5510s? single 5510 costs a fortune...lol....

    Nope, welcome to Security. ha

    Again, your only other option will be to use GNS3 for your ASA's, they will be 5520's and you could get a lot out of it but I like having real gear to push traffic through etc.

    I did use GNS3 for VPN labbing though. For HA etc, GNS3 was buggy and I had me extremely angry at times, just wasn't worth fooling with. Maybe with the upcoming release/s they will be better?
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • gregorio323gregorio323 Posts: 201Member ■■■□□□□□□□
    Nope, welcome to Security. ha

    Again, your only other option will be to use GNS3 for your ASA's, they will be 5520's and you could get a lot out of it but I like having real gear to push traffic through etc.

    I did use GNS3 for VPN labbing though. For HA etc, GNS3 was buggy and I had me extremely angry at times, just wasn't worth fooling with. Maybe with the upcoming release/s they will be better?

    I do agree. Sometimes GNS3 is buggy with ASA. At times during my labs I would unable to reach the ASA. It would not respond to anything! and cause frustration and confusion I wish I had the real equipment to avoid all this headache!
  • RouteMyPacketRouteMyPacket Posts: 1,104Member
    I do agree. Sometimes GNS3 is buggy with ASA. At times during my labs I would unable to reach the ASA. It would not respond to anything! and cause frustration and confusion I wish I had the real equipment to avoid all this headache!

    Don't even get me started having flashbacks of why I could not ping the ASA/s through the loopback adapter, or yes the ever automatic reloading of the device. Man that sucked...ugh!
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • sendalotsendalot Posts: 328Member
    I'm just going to work and spend no money for next few months to save up money for a couple of 5510s..
  • jahsouljahsoul Posts: 453Member
    *points to my For Sale post* :)
    Reading: What ever is on my desk that day :study:
  • sendalotsendalot Posts: 328Member
    Oh, I have a vendor that I work with for all my equipments. Thanks though!
  • TheNewITGuyTheNewITGuy Posts: 169Member ■■■■□□□□□□
    where did I get the quote? I specialize in used cisco gear :) I quoted you myself
  • gregorio323gregorio323 Posts: 201Member ■■■□□□□□□□
    Don't even get me started having flashbacks of why I could not ping the ASA/s through the loopback adapter, or yes the ever automatic reloading of the device. Man that sucked...ugh!

    I've had the same issue!!!! I had an issue where ASDM would not connect properly and if it did it would be soooo freaking slow!!!!! I had to jump through so many hoops just to get it working right ugh the nightmare! I'd probably spent more time figuring it out than actually studying!
Sign In or Register to comment.