[c-nsp] BGP support on the new ASA5585-X
Keegan Holley
keegan.holley at sungard.com
Sat Oct 30 15:37:37 EDT 2010
I suppose it's cost effective if you need that much throughput, but it's
definitely a big jump to the ASR if you simply want to run BGP on a firewall
1Gbps or lower.
On Sat, Oct 30, 2010 at 11:07 AM, <cisconsp at secureobscure.com> wrote:
> 30k for an ASR 1002 vs. 225k for an ASA 5585?
> The 1002's support VASI (VRF aware service infrastructure) and ZBF,
> (mpls+bgp+ldp+ospf), making them a passable inter-vrf mpls-vpn
> transport/routing/firewall device.
>
> John
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Keegan Holley
> Sent: Saturday, October 30, 2010 9:54 AM
> To: Mack O'Brian
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP support on the new ASA5585-X
>
> On Sat, Oct 30, 2010 at 2:08 AM, Mack O'Brian <mackobrian40 at gmail.com
> >wrote:
>
> > On Fri, Oct 29, 2010 at 3:37 PM, Chris Evans <chrisccnpspam2 at gmail.com
> > >wrote:
> >
> > > If you have to have cisco you could use an asr1k. They support line
> rate
> > > stateful firewalling and all routing protocols that you could think of.
> > >
> >
> >
> > After reading your comment on asr1k, I started reading and here is what
> > Cisco marketing says; how good asr1k be in reality for fw is something
> > different:
> >
> > "Up to 20 Gbps of Zone Based Firewall, Deep Packet Inspection, in-box
> > stateful firewall failover for nonstop services, all firewall processing
> > done in Cisco Quantum Flow Processor, Integrated threat control to
> prevent
> > and defend against attacks."
> >
>
> sounds expensive...
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
More information about the cisco-nsp
mailing list