1 2 Previous Next 18 Replies Latest reply: Feb 6, 2017 8:41 PM by jasonmadruga84 RSS

    Which ASA Device - 5505 or 5510?

    Ed

      Hello Everyone,

      I am new to the forum and recently certified as CCNA R&S. I am looking to obtain CCNA Security. I already have a Cisco Lab (3 x 1841, 1 x 2811, 2 x 3560, and 2 x 2960). I am trying to find out which ASA device I should go with - the 5505 or the 5510. I do want to conserve money but want to make sure what I am purchasing will meet the certification objectives.

       

      Any suggestions?

       

      Thanks

       

      Ed

        • 1. Re: Which ASA Device - 5505 or 5510?
          Augusto

          Hello Ed!

           

          Both models can meet the certification objectives. One difference from ASA5505, it that this model has switch ports. When configuring ASA 5505 you will use VLANs, for other models you will use routed interfaces.

           

          Regards,

          Augusto

          • 2. Re: Which ASA Device - 5505 or 5510?
            Csaba

            Hi Ed,

             

            I would get 5505 because the latest software release on 5505 is 9.2.4 where as 5510 letst is 9.1.7 new features at 9.2.x is BGP and EEM.

            Embedded Event Manager (EEM) is useful becuse you can tur on interfaces on the timely manner and a lot more.

             

            Regards

            Csaba

            • 3. Re: Which ASA Device - 5505 or 5510?
              Juergen Ilse CCNA R&S

              The 5505 is cheaper in most cases, so i would tend to 5505 (in my opinion, it is sufficient for all needs for exam training). If you want to be more flexible in use of different subnets (the ASA5505 base license includes only 3 VLANs, 1 DMZ restricted), you may look for  a securityplus license (that will add the possibility to use trunks with the integrated switch,  raise the maximum number of VLANs to 20 without any restriction and raise the number of IPSEC VPN peers from 10 to 25). The newest possible firmware on 5505 is 9.2, the newest possible firmware on 5510 is 9.1 (yes, i tried to boot newer firmware on 5510, but the bootloader told me, that the image is incompatible ...). If you really need more power and more networks connected to the ASA, a 5510 may be the better choice. But if you think about 5510, you may also think about a new 5506-X (which runs much newer firmware and is really powerful without a fan, in contrast to that the fan of an ASA5510 makes noise ...). If you want a quiet device without a fan, look for 5505 or 5506-X.

              • 4. Re: Which ASA Device - 5505 or 5510?
                Augusto

                I was not aware that 5510 latest software was 9.1.7, my bad! Well pointed by Juergen and Csaba!

                 

                Is a good idea to use version 9.2.x, as far as I know is the version that the exam is based on.

                 

                Regards,

                Augusto

                • 5. Re: Which ASA Device - 5505 or 5510?
                  Csaba

                  I only know it becuse I bought smartnet support for cisco CCO account so I can download software upgrades for devices.
                  I am not sure what version the exam is based on. But I am running my home network behind the ASA so the fanless 5505 is more ideal.

                   

                  Regards

                  Csaba

                  • 6. Re: Which ASA Device - 5505 or 5510?
                    DavidJ

                    *******, my contract only covers 5510's so I can't the that 9.2 software for the 5505.  Switch ports instead of routed ports may be a set back also, I don't know.

                      What's everyone else's opinion on having the switch ports over the routed ports on an ASA?

                    • 7. Re: Which ASA Device - 5505 or 5510?
                      Ed

                      I see those on places such as Ebay (Cisco ASA5505-SEC-BUN-K9 Security Plus) that has the following specs for around $250.

                       

                       

                       

                      Brand new  Cisco firewall ASA 5505 series

                      Note:This has 20 Vlans so enables you to do ISP Failover

                      Security Plus License

                      50 Local Hosts

                      VPN 3des

                       

                      This was a Cisco RMA

                      Security Plus

                       

                      512 Ram ,128 Mb Flash

                       

                      It is brand new ,but plastic was opened to install activation key

                      Has a license for 50  users

                      Includes Firewall and Power Supply ,Includes console cable

                      Software Version 924(System Image)

                      ASDM Version 743

                      • 8. Re: Which ASA Device - 5505 or 5510?
                        Juergen Ilse CCNA R&S

                        Csaba schrieb:

                         

                        I would get 5505 because the latest software release on 5505 is 9.2.4 where as 5510 letst is 9.1.7 new features at 9.2.x is BGP and EEM.

                        Embedded Event Manager (EEM) is useful becuse you can tur on interfaces on the timely manner and a lot more.

                        Yes, EEM is very useful and i missed it in one situation: I configured an IKEv2 IPSEC VPN tunnel from my ASA5510 at home to my employers network (i have only a dynamic IPv4 address at home, but i route a network with static IP addresses through that VPN tunnel), and because i have not a static ip address as tunnelendpoint on my side, i need traffic from my inside network to force tunnel setup. In a similar VPN configuration for a customer, i solved this issue with an EEM applet using packet-tracer to force the tunnel-setup even if there is no traffic from inside network. Unfortunately my ASA5510 is unable to run a firmware version with EEM (in contrast to 5505). Also one may think about the fact that support for 5510 ends in 2018 (no firmware updates anymore, even if there are security issues after the end of support). I don't know the end of support for ASA5505, but i'm sure, it will be later than for 5510 ...

                        • 9. Re: Which ASA Device - 5505 or 5510?
                          Juergen Ilse CCNA R&S

                          David schrieb:

                           

                          *******, my contract only covers 5510's so I can't the that 9.2 software for the 5505.  Switch ports instead of routed ports may be a set back also, I don't know.

                            What's everyone else's opinion on having the switch ports over the routed ports on an ASA?

                          I would prefer routed ports, but your mileage may vary ...

                          • 10. Re: Which ASA Device - 5505 or 5510?
                            arteq

                            5510 at least...

                            • 11. Re: Which ASA Device - 5505 or 5510?
                              DavidJ

                                Yeah, that's what I prefer, but since most of my experience is on the Router/Switch side I wanted to check with others. 

                              • 12. Re: Which ASA Device - 5505 or 5510?
                                Ed

                                Thanks Everyone,

                                I appreciate the advice on which direction would be the best.

                                • 13. Re: Which ASA Device - 5505 or 5510?
                                  Augusto

                                  Just to complement, ASA image recommended for CCNA Security on Cisco Networking Academy is 9.2.3.

                                   

                                  Regards,

                                  Augusto

                                  • 14. Re: Which ASA Device - 5505 or 5510?
                                    Don

                                    Hi Ed,

                                    you can get away with the 8.xx Software release as it can do all the CCNA Security labs. You also have the choice to virtually set up ASA on GNS 3 to save you some cash.

                                     

                                    All the best!

                                    DMC

                                    1 2 Previous Next