Looking at upgrading an ASA 5505 I've inherited.
Wondering what type of license(s) I need to get (or if I should look at a different solution) to "max it out"

So.. there are 8 switch ports. I know I can create vlans, and assign vlans to individual switchports. But can I fully use ALL 8 ports? and have 8 security segments? If I wanted to 'max out' the available subnets, would the following arrangement be feasible?

Port Level VLAN Name (Function)
E0/0 o 1 outside (ISP)
E0/1 100 100 inside (corp)
E0/2 20 20 sec_logs (security management/logging)
E0/3 30 30 dmz_prod (PRODUCTION DMZ)
E0/4 40 40 guestaccess (Internet access for guests)
E0/5 50 50 labnet_1 (test lab subnet)
E0/6 60 60 labnet_2 (test lab subnet)
E0/7 70 70 labnet_3 (test lab subnet)


Finally, I'd really like (not NEED) to have this config with GigE ports vs FastE ports. Any ideas? Money is not unlimited, but I do need to stay as low as possible (and still stay Cisco)..

I'd love to see some maxed (or nearly so) sample configs (sanitized, of course) if anyone is willing to share...

What type of licensing does it have on it right now? Give us a Sh ver

This is my brief experience with the default licensing: It will let you have 10 IPs behind the firewall that can communicate to the outside. So yes, you can use all eight ports. You can create three VLANs, but you can only assign security levels to two of them, so you can only have an inside and outside VLAN (and not a DMZ). There's also limits on the number of VPN connections.

Post a 'show ver.' Also take a look at these two links that explain more about the licensing:

http://www.cisco.com/en/US/products/ps6 ... sting.html
http://packetpushers.net/cisco-asa-licensing-explained/

The only physical upgrades you could do are for RAM of Flash. RAM on older models was 256MB, on newer is 512MB (you need 512MB to run 8.4 and above code on unlimited user or sec plus license). You can buy a 512MB upgrade for it on ebay easily enough for about $20. Flash is just a CF card. Find whatever and slam it in there, though the defaults are usually lots for the 5505.

For licensing, that's where you'll pay money. But like the guys said, let's see a show ver and see where you're at now. Use the link killabee linked you to to see the feature comparison.

_________________
blog.brokennetwork.ca

You don't need 512 for the 5505 unless you have unlimited hosts or Sec+ with failover enabled, FYI.

_________________
http://blog.alwaysthenetwork.com

Ahh, right. Edited my post to reflect that.

_________________
blog.brokennetwork.ca

Too late, sucka!

_________________
http://blog.alwaysthenetwork.com

There is currently a base license. 10 user. No smart-net. OS ver 7.something. Can't do a sh ver at the moment. The device is currently off-line in my office. I know it needs an OS upgrade, smartnet, etc.

History.. aquired as part of a package from a service provider for one of our (now decommissioned) sites. When the term was up, and the site shut down, the C1841 and ASA5505 became our (company) property. As the net guy, I asked for and was allowed to have the decommissioned ASA. Might also ask for the 1841 and a C1811 or two. Intend to use them in the lab. (There's another C1841/ASA5505 set becoming available soon)

I can procure license upgrades and smartnets. Just would like to know where I need to be so that I only need to go to the upgrade cash pot once, regardless of how maxed out or crazy the lab config ends up being. I'm ok with the router configs, but I need to build a shopping list/budget to upgrade these devices. Hence the question.

If you want to do anything vlan you need the security plus license. Probably don't have to upgrade the ram at all or the flash.

For GigE check out the models available. I have two 5520's at work which are all GE minus the management which is FE.
http://www.cisco.com/en/US/products/ps6 ... tml#~tab-a