[c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...
Reuben Farrelly
reuben-cisco-nsp at reub.net
Mon Jul 11 04:32:40 EDT 2011
On 11/07/2011 6:00 PM, Nick Hilliard wrote:
> On 09/07/2011 17:22, Derick Winkworth wrote:
>> The ASA I think can support up to 500 contexts now, but with contexts enabled
>> I'm hearing there is no crypto support. I'm not sure this is an impediment for
>> us but I can see it being an issue for folks.
>
> In multiple context mode, there is no support for:
>
> - dynamic routing
> - ipsec
> - any sort of VPN
> - QoS
> - phone proxy
> - pppoe
>
> Although multiple contexts are something I'd like to use, their limitations
> on ASA are so severe that I don't use them.
+1. IOS based routers such as an ISRG2, while not having anywhere near
the throughput, have the swiss army knife appeal of being able to do all
these as well as all the firewall needs that most customers seem to need
as long as you watch the CPU load.
And the licensing for multiple concepts is most certainly not cheap
either, so it's not like you can sacrifice some features on account of
the cost. AU$5220 for a 5 context license, (yes I know no-one pays
RRP), or even at 50% off RRP, it still comes in at about $500 per context.
I wonder how an ASR1k stacks up against an ASA with multi context -
anyone tried firewalling (such as the ZBFW) on an ASR?
Reuben
More information about the cisco-nsp
mailing list