Re: Product number/description for ASA

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Jun 25 2008 - 02:21:05 ART

• Next message: atif raees: "IP Accounting for NAT"
• Previous message: Muhammad Nasim: "Re: IPS 4240 Emulation"
• Maybe in reply to: Ajay mehra: "Product number/description for ASA"
• Next in thread: muhtari.adanan@bt.com: "RE: Product number/description for ASA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Ajay,

    If they are paying then the more the merrier ;) Otherwise make sure
to rent some rack time later in your preparation to cover active/standby
and active/active failover, as these can be tricky configurations that
can leave your network non-functional if you don't know the correct
order that it needs to be implemented in.

HTH,

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan@internetworkexpert.com <mailto:bmcgahan@internetworkexpert.com>
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

Ajay mehra wrote:
> Thanks Brian for making it clear.
>
> To be precise my employer is buying one ASA for me. I could convince him on
> buying at least one but not all the CCIE security devices. Depending upon
> the equipments availability in my project lab I am planning to
> build minimum possible labs referring to IE VOL 1 and then use rack rentals
> for rest of the VOL 1 and VOL 2.
>
>
> Thanks ,
> Ajay
>
>
> On 24/06/2008, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
>
>> The part number is ASA5510-SEC-BUN-K9. You need the security plus feature
>> set to run active/active failover for multiple context mode, which is a very
>> important feature to learn during your preparation. Honestly you may
>> consider using rack rentals instead of buying equipment for the security
>> exam, as these ASAs can run you about $3000 USD apiece with this feature
>> set.
>>
>> If you do end up buying them make sure you don't make the mistake of buying
>> ASA5510-BUN-K9, as it cannot run the feature set you need, and it's not like
>> an IOS router where you can just upgrade the code. The feature set is based
>> on an activation code for your individual serial number that you have to get
>> from cisco.com. If you're weary about your seller for it get the output
>> from the show version from them, like below. Make sure that it says "Failover:
>> Active/Active" and "Security Contexts: 2" or a number higher than 2.
>>
>>
>> ciscoasa# show version
>>
>> Cisco Adaptive Security Appliance Software Version 7.2(3)
>> Device Manager Version 5.2(2)
>>
>> Compiled on Wed 15-Aug-07 16:08 by builders
>> System image file is "disk0:/asa723-k8.bin"
>> Config file at boot was "startup-config"
>>
>> ciscoasa up 1 hour 20 mins
>>
>> Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
>> Internal ATA Compact Flash, 256MB
>> BIOS Flash M50FW080 @ 0xffe00000, 1024KB
>>
>> Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision
>> 0x0)
>> Boot microcode : CNlite-MC-Boot-Cisco-1.2
>> SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
>> IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
>> 0: Ext: Ethernet0/0 : address is 001b.d46e.3f48, irq 9
>> 1: Ext: Ethernet0/1 : address is 001b.d46e.3f49, irq 9
>> 2: Ext: Ethernet0/2 : address is 001b.d46e.3f4a, irq 9
>> 3: Ext: Ethernet0/3 : address is 001b.d46e.3f4b, irq 9
>> 4: Ext: Management0/0 : address is 001b.d46e.3f47, irq 11
>> 5: Int: Not used : irq 11
>> 6: Int: Not used : irq 5
>>
>> Licensed features for this platform:
>> Maximum Physical Interfaces : Unlimited
>> Maximum VLANs : 100
>> Inside Hosts : Unlimited
>> Failover : Active/Active
>> VPN-DES : Enabled
>> VPN-3DES-AES : Enabled
>> Security Contexts : 2
>> GTP/GPRS : Disabled
>> VPN Peers : 250
>> WebVPN Peers : 2
>>
>> This platform has an ASA 5510 Security Plus license.
>>
>> Serial Number: xxxxxxxxx
>> Running Activation Key: xxxxxxx
>> Configuration register is 0x1
>> Configuration has not been modified since last system restart.
>> ciscoasa#
>>
>>
>> Good luck!
>>
>> Brian McGahan, CCIE #8593 (R&S/SP/Security)
>> bmcgahan@internetworkexpert.com
>>
>> Internetwork Expert, Inc.
>> http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
>> Toll Free: 877-224-8987 x 705
>> Outside US: 775-826-4344 x 705
>> 24/7 Support: http://forum.internetworkexpert.com
>> Live Chat: http://www.internetworkexpert.com/chat/
>>
>>
>>
>> Ajay mehra wrote:
>>
>> Hi Guys,
>>
>> I am planning to order ASAs for my CCIE security lab but I am not sure which
>> one to buy. Can anyone please let me know the exact product number and
>> description of ASA device being used in IE labs? I am planning to build my
>> topology similar to them. Their topology diagram says ASA 5510 but what is
>> the product number to fill the minimum requirements.
>>
>> Thanks,
>> Ajay
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html

• Next message: atif raees: "IP Accounting for NAT"
• Previous message: Muhammad Nasim: "Re: IPS 4240 Emulation"
• Maybe in reply to: Ajay mehra: "Product number/description for ASA"
• Next in thread: muhtari.adanan@bt.com: "RE: Product number/description for ASA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART