What kind of cisco firewall should I choose?

Discussion in 'Cisco' started by COZ, Nov 18, 2005.

  1. COZ

    COZ Guest

    I have a small hosting center where each customer have their own VLAN on
    a swich. On this VLAN all their servers are placed.
    I need a firewall that can terminate the customers VPN connections and
    send the traffic into their own VLAN.

    Can a small PIX do the job, or do I need a ASA 5510 securrity plus?

    Regards
    /C
     
    COZ, Nov 18, 2005
    #1
    1. Advertising

  2. In article <437dd18d$0$41144$>,
    COZ <> wrote:
    >I have a small hosting center where each customer have their own VLAN on
    >a swich. On this VLAN all their servers are placed.
    >I need a firewall that can terminate the customers VPN connections and
    >send the traffic into their own VLAN.


    >Can a small PIX do the job,


    Depends on what you mean by "small". The PIX 501 cannot handle
    VLANs at all, the PIX 506/506E can handle only 2 VLANs, and
    the 515/515E and 525 cannot handle more than a dozen VLANs in PIX 6.x
    (but can handle noticably more VLANs if you use PIX 7.0 for them.)

    >or do I need a ASA 5510 securrity plus?


    The 5510 is pretty small too. Perhaps you should give us some numbers --
    number of VLANs you need, throughput you need, number of physical
    interfaces, total number of simultaneous VPN connections, nature of
    those connections (LAN to LAN or PC to LAN), encryption standards you
    require, VPN types required (IPSec, PPTP, L2TP). Also, is it
    acceptable for the VPN termination address at your end to be the same
    for all the customers, with the destination determined by the
    group name and password they log in with (PC to LAN) or by their
    source address (LAN to LAN) ? If you need distinct VPN termination
    addresses for each client, then it could be a bit of a challenge,
    that might be solvable if you have a WAN router that is able to
    route into different VLANs.
    --
    Programming is what happens while you're busy making other plans.
     
    Walter Roberson, Nov 18, 2005
    #2
    1. Advertising

  3. COZ

    COZ Guest

    Walter Roberson wrote:
    > In article <437dd18d$0$41144$>,
    > COZ <> wrote:
    >
    >>I have a small hosting center where each customer have their own VLAN on
    >>a swich. On this VLAN all their servers are placed.
    >>I need a firewall that can terminate the customers VPN connections and
    >>send the traffic into their own VLAN.

    >
    >
    >>Can a small PIX do the job,

    >
    >
    > Depends on what you mean by "small". The PIX 501 cannot handle
    > VLANs at all, the PIX 506/506E can handle only 2 VLANs, and
    > the 515/515E and 525 cannot handle more than a dozen VLANs in PIX 6.x
    > (but can handle noticably more VLANs if you use PIX 7.0 for them.)
    >
    >
    >>or do I need a ASA 5510 securrity plus?

    >
    >
    > The 5510 is pretty small too. Perhaps you should give us some numbers --
    > number of VLANs you need, throughput you need, number of physical
    > interfaces, total number of simultaneous VPN connections, nature of
    > those connections (LAN to LAN or PC to LAN), encryption standards you
    > require, VPN types required (IPSec, PPTP, L2TP). Also, is it
    > acceptable for the VPN termination address at your end to be the same
    > for all the customers, with the destination determined by the
    > group name and password they log in with (PC to LAN) or by their
    > source address (LAN to LAN) ? If you need distinct VPN termination
    > addresses for each client, then it could be a bit of a challenge,
    > that might be solvable if you have a WAN router that is able to
    > route into different VLANs.


    Hi Walter,

    Thank you for your reply.
    It is just a testing firewall and I only need 10 VLAN's and 10 VPN's.
    Later I need a asa 5540.

    But I have to make this firewall work with this funktionality.
    Are thire guides on the net about this setup?

    All the VPN's has to be terminated into a VLAN. All the VLAN are
    connected to a switch with ONE cable... Is this posible?

    /C
     
    COZ, Nov 18, 2005
    #3
  4. COZ

    Cen Guest

    If they have servers inside (linux, ISA, Win2k, etc.), you can already use
    them as VPN terminators.
    Just another option for consideration.

    Cen

    "COZ" <> wrote in message
    news:437dd18d$0$41144$...
    >I have a small hosting center where each customer have their own VLAN on a
    >swich. On this VLAN all their servers are placed.
    > I need a firewall that can terminate the customers VPN connections and
    > send the traffic into their own VLAN.
    >
    > Can a small PIX do the job, or do I need a ASA 5510 securrity plus?
    >
    > Regards
    > /C
     
    Cen, Nov 19, 2005
    #4
  5. COZ

    jdsal Guest

    ASA-5510 does not support VLANs nor security contexts. At ASA-5520 and above
    both VLANs and contexts are supported.

    ASA models comparison:
    http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html


    "COZ" <> wrote in message
    news:437dd18d$0$41144$...
    >I have a small hosting center where each customer have their own VLAN on a
    >swich. On this VLAN all their servers are placed.
    > I need a firewall that can terminate the customers VPN connections and
    > send the traffic into their own VLAN.
    >
    > Can a small PIX do the job, or do I need a ASA 5510 securrity plus?
    >
    > Regards
    > /C
     
    jdsal, Nov 21, 2005
    #5
  6. COZ

    COZ Guest

    jdsal wrote:
    > ASA-5510 does not support VLANs nor security contexts. At ASA-5520 and above
    > both VLANs and contexts are supported.
    >


    The ASA 5510 Security Plus supports 10 VLANs or am I missing something?

    /C
     
    COZ, Nov 21, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Troels
    Replies:
    1
    Views:
    534
    Matt Hawley
    Jun 22, 2004
  2. Mamby Pamby

    I'm confused - which OS should I choose?

    Mamby Pamby, Jul 16, 2004, in forum: Computer Support
    Replies:
    52
    Views:
    1,371
    Himalayan sushie
    Jul 20, 2004
  3. Drew Cope

    Which Camera Should I Choose?

    Drew Cope, Jan 5, 2004, in forum: Digital Photography
    Replies:
    7
    Views:
    477
    Dave Brown
    Jan 7, 2004
  4. MarkZimmerman

    What Kind of Disc Should I be Using?

    MarkZimmerman, Dec 26, 2004, in forum: DVD Video
    Replies:
    1
    Views:
    339
    kaydigi
    Dec 27, 2004
  5. What kind of lens should I use for this?

    , Dec 30, 2004, in forum: Digital Photography
    Replies:
    7
    Views:
    293
Loading...

Share This Page