Re: building the security rack ASA 5505s do the trick? posted 01/06/2008
* darth router wrote:
Are there any major limitations I would face if I used 2
5505s with the basic license in my security rack?
As already suggested by other people, the 5505 is too limited to lab up
more advanced features. By this, I especially refer to security contexts
in combination with failover.
If you really want the hardware but dont want to buy a pair of 5510,
perhaps a pair of used PIX 515(E) is a cheaper alternative. You can do
some rack rentals to get familiar with WebVPN, or use the 5505 with base
I suppose I could just use Qemu and emulate them, but I would like to have
the hardware. Any tips?
Its nice to have all boxes there for real, but in my home lab, I had a
5505 (Sec+ license), a VPN concentrator and one 3750 switch only (all
borrowed). The rest was done with dynamips, pemu and vmware
I could play with all the technologies - like PIX/ASA multiple contexts
and failover (pemu), transparent firewall and VPN (5505 only for
WebVPN). Such a home lab is great in the first phase of lab
preparation, when you need to dive into every topic, and later if you
need clarification on a topic that bugs you.
For the 'full lab scenario workbook phase': if you need to buy lots of
hardware now, compare it with the costs for rack rentals. Even by having
a home lab and being able to map workbook vendors topology to it
(interesting first but annoying task later), I did rack rentals. You
dont want to fight problems within your home lab topology anymore when
you are in the last phase of lab preparation. I invested about $1000
into rack rentals over 3 months (~250 hours); I think a single 5505 is
After all, my suggestion is that if you cannot afford a full hardware
security lab (like most people): Build something that helps you to
understand all the major technologies, invest wisely in *some* hardware,
but do the full scale labs on real (rented) hardware.