[c-nsp] FWSM - No Traceroute

Fred Reimer freimer at ctiusa.com
Wed Mar 26 09:25:07 EDT 2008


The FWSM isn't a half-assed ASA.  It is a firewall-only module.  It doesn't
have the VPN capabilities of the ASA, obviously does not have modules you
can add like an IPS or CSC, and is strictly a firewall.  It also lags behind
in features; you'll notice that the FWSM is one or two features "behind" an
ASA.  I have no doubt you'll be impressed with the next major rev when it
comes out though.  So I wouldn't call the FWSM a half-assed ASA, meaning it
wanted to be like an ASA but couldn't quite hack it.  Rather, it tries to
fit into a different role, and does quite well at it.

Thanks,

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christian
Sent: Tuesday, March 25, 2008 5:24 PM
To: Raul Lopez Nevot
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FWSM - No Traceroute

traceroute is in ASA though...
/act# traceroute ?

  Hostname or A.B.C.D  Trace route to IPv4 address or hostname
/act# traceroute

and FWSM is like a half-ass ASA..thats why i am curious what exactly is the
technical reason that there isnt a traceroute command



On Tue, Mar 25, 2008 at 5:12 PM, Raul Lopez Nevot <r.nevot at gmail.com> wrote:

> On Tue, Mar 25, 2008 at 8:17 PM, Christian <christian at visr.org> wrote:
>
> > yeah why is there no traceroute command, sorrry not being clearer
>
>
>
> This question only can be answered by cisco people, but I live with cisco
> PIX (so then ASA and FWSM, we have a few) since version 4.4 and never was
> this command there.
> Since the PIX is not native from cisco (its OS, named Finesse, was from
> another company, Network Translation I think it was), and is not
> IOS-powered, sure the former did not implement this command and nobody at
> Cisco did.
>
> By the way, and sorry for the very BIG off-topic, do anybody know the name
> of Cisco Engineer that converted a PIX into FWSM? They told me this
> engineer
> is from Sabadell (Barcelona/Spain), and I'm from there, and it would be
> nice
> to meet him!
>
> Sorry again for the OT.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080326/b0e4a5ee/attachment.bin 


More information about the cisco-nsp mailing list