• Cisco Asa 5510 Replacement

Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20. ASA 5580-40, ASA. 2.5 CRYPTOGRAPHIC KEY MANAGEMENT. External CompactFlash slot. Status indicator LED. Serial Console port. Power switch. Power indicator LED. Cisco asa 5510 activation keygen. How to IPsec to the Cisco ASA 5505 Firewall Using Pre-shared KB: pin. My Network Lab: Cisco WLC AP license The first step is to go to Cisco's licensing portal and register the license Product Authorization Key (PAK) that was sent via e-mail in PDF form: pin.

Cisco Asa 5510 Replacement

Hello. In this building the network goes through a cisco asa 5510 firewall. Recently the internet was just upgraded and to take full advantage of the bandwidth, gigabit interface is needed.

There is only a base license on the ASA 5510 and I was reading a Security Plus license is needed to UNLOCK the port 1 gigabit interface capabilities. (really?)

My Question for anyone familiar with doing the upgrade of license, how easy is it to do this? Do I simply enter the new license key into ASDM, save config and that's it or does the firewall reset and everything needs to be reconfigured? Also, is ebay the only place to acquire such license now since the model is pretty old now? TIA

Thanks for the reference, but I've seen the comparison, I was looking for more of an opinion than anything. Our site will need to be available for 50 or so simultaneous connections. As for a VPN, we don't really have a need for one right now, but it's a possibility for the future I suppose.
What I am really looking for is anyone that has experience with one or the other or both and can attest to how secure or effective each one is with a light amount of configuration.

First and foremost you need to meet your requirements and then forecast out to see of you'll outgrow the capabilities of the devices. Opinions do not meet requirements.
A 5505 will meet your requirement, but you have no room for future expansion. If you decide down the road, you need threat mitigation, or content security, the 5505 doesn't support it. If you don't need the other fancy addons (content security, IDS/IPS, HA) a 5505 will do, but then again, a router will some ACL will do the same thing.
As to the other posts regarding DMZ, the 5505 will support 3 vlans (inside, outside, dmz), so you got that covered.

...is simple. DO NOT GIVE ACCESS TO ANY SERVER ON YOUR INTERNAL NETWORK.
A 5505 is a good option if you are not hosting any web services. The second you need to host something, you need a DMZ. That`s a must. Go with the 5510 and setup the DMZ.
Why? Because if someone hacks into your web service server, it doesn`t have immediate access to your internal systems.
TCB

well, if we are going to set up a DMZ, then we'll need more than just one 5510. Also, since the database that drives the web application has sensitive information on it, we would probably have to set up an internal database server for the web server to access constantly. This would mean either getting two 5510s or one 5510 and a 5505, or two 5505s...just having one wouldn't really provide any protection between the DMZ and the internal network, correct?

The idea is that if someone compremises your server, he/she does not have access to your internal network without going through your firewall once more.
If someone compremises your firewall, it doesn't matter how many you have in a row, he/she will compremise the other just as easily.
Compremising a firewall is a lot harder than compremising a server. Nature is that the hacker will attempt to use the easiest route possible, which means he/she will attack your server first.
Sure two firewalls are better than one, but it depends on how sensitive your information is. In my experience, only highly sensitive situations (banks, financial institutions, military installations) call for a two firewall infrastructure. You should be fine with just one.
TCB.

I see what you mean now...it would certainly make most sense to set up the web server on a DMZ, then if someone were to hack it, they would still get the sensitive info on the web server, but at least they wouldn't get to the internal network.
What would be a good way to keep the sensitive information separate from the web server so that in such a situation, the database would not be compromised?

but its also a matter of risk management, how much are you willing to risk vs how much is the company willing to spend? thats the question.
A basic asa as a lan edge and another asa on the wan edge would create a very nice DMZ, but it could be total overkill.
using a router at the wan edge, you can create acls that only allow access to the web server from specific ip ranges (if its only for internal use.) Also if its only for internal use, using the asa to set up a permanent vpn between locations and it will just be accessable using its ip.
But, if its to be public accessed, a dmz is the normal security practice. But, once again, its all a matter of risk. If you have sensitive data, a DMZ should be considered. It may be from a financial perspective that you will have to do this in 'steps' and not all at once.

I think for now we will just use a single 5510 to set up the internal and dmz networks. This seems like it will be a pretty easy configuration that could even be done strictly through Cisco's ASDM. Then, whenever we can, we will move the database to an internal server so that it is inaccessible by someone who could break out of the web server on the DMZ

my router skills, I completely forgot about using one of the other interfaces as a DMZ. Sheesh.. SYNer is da man here.