[c-nsp] ASA vs ISR ZBFW
Matthew Huff
mhuff at ox.com
Fri Sep 9 11:17:39 EDT 2011
Gert,
I understand where this comes from, but the ASA is a bit more modern then the "PIXen".
1) It now does dynamic routing (RIP, OSPF, EIGRP)
2) Nat (as of 8.3+) is now "normal"
3) The inspect feature still has issues but is necessary for many protocols and is implemented very similar on the ZBFW in ios.
----
Matthew Huff | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Gert Doering
> Sent: Friday, September 09, 2011 11:05 AM
> To: Jay Nakamura
> Cc: cisco-nsp
> Subject: Re: [c-nsp] ASA vs ISR ZBFW
>
> Hi,
>
> On Fri, Sep 09, 2011 at 01:31:06AM -0400, Jay Nakamura wrote:
> > I have been wondering lately, what advantages do ASA have over ISR as
> > a firewall on the low end? As just one stand alone firewall, what
> > features are there for ASA that distinguishes itself? Often, I
> rather
> > have an ISR over an ASA so I have more flexibility in a budget
> > environment.
>
> It has "FIREWALL!!" painted on the front cover, and will not do dynamic
> routing. And the NAT is much more interesting, and the way "fixup"
> helpers damage perfectly reasonable communications...
>
> Mmmh. This certainly doesn't read as if I like PIXen. Wonder why.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-
> muenchen.de
More information about the cisco-nsp
mailing list