[c-nsp] FWSM - No Traceroute

Kaj Niemi kajtzu at basen.net
Wed Mar 26 09:37:46 EDT 2008 

Hi,


The FWSM works really at high bandwidth rates and integrates quite  
well into a Catalyst (no cabling, your choice of being in front of  
MSFC or behind, etc.) as long as you do not exceed limits on ACEs, see http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/specs.html#wpxref93963 
  - in very high security (or pedantic ;-)) environment it can happen  
quite soon.


On Mar 26, 2008, at 15:25, Fred Reimer wrote:
> The FWSM isn't a half-assed ASA.  It is a firewall-only module.  It  
> doesn't
> have the VPN capabilities of the ASA, obviously does not have  
> modules you
> can add like an IPS or CSC, and is strictly a firewall.  It also  
> lags behind
> in features; you'll notice that the FWSM is one or two features  
> "behind" an
> ASA.  I have no doubt you'll be impressed with the next major rev  
> when it
> comes out though.  So I wouldn't call the FWSM a half-assed ASA,  
> meaning it
> wanted to be like an ASA but couldn't quite hack it.  Rather, it  
> tries to
> fit into a different role, and does quite well at it.
>
> Thanks,
>
> Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> Senior Network Engineer
> Coleman Technologies, Inc.
> 954-298-1697
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christian
> Sent: Tuesday, March 25, 2008 5:24 PM
> To: Raul Lopez Nevot
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] FWSM - No Traceroute
>
> traceroute is in ASA though...
> /act# traceroute ?
>
>  Hostname or A.B.C.D  Trace route to IPv4 address or hostname
> /act# traceroute
>
> and FWSM is like a half-ass ASA..thats why i am curious what exactly  
> is the
> technical reason that there isnt a traceroute command
>
>
>
> On Tue, Mar 25, 2008 at 5:12 PM, Raul Lopez Nevot  
> <r.nevot at gmail.com> wrote:
>
>> On Tue, Mar 25, 2008 at 8:17 PM, Christian <christian at visr.org>  
>> wrote:
>>
>>> yeah why is there no traceroute command, sorrry not being clearer
>>
>>
>>
>> This question only can be answered by cisco people, but I live with  
>> cisco
>> PIX (so then ASA and FWSM, we have a few) since version 4.4 and  
>> never was
>> this command there.
>> Since the PIX is not native from cisco (its OS, named Finesse, was  
>> from
>> another company, Network Translation I think it was), and is not
>> IOS-powered, sure the former did not implement this command and  
>> nobody at
>> Cisco did.
>>
>> By the way, and sorry for the very BIG off-topic, do anybody know  
>> the name
>> of Cisco Engineer that converted a PIX into FWSM? They told me this
>> engineer
>> is from Sabadell (Barcelona/Spain), and I'm from there, and it  
>> would be
>> nice
>> to meet him!
>>
>> Sorry again for the OT.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




HTH

Kaj
-- 
Kaj J. Niemi
<kajtzu at basen.net>
+358 45 63 12000

More information about the cisco-nsp mailing list