02-13-2007 05:50 PM - edited 03-11-2019 02:33 AM
Hello.
I was wondering if anyone can give recommendations for learning PIX/ASA firewalls.
I have accepted a new job lately and they have an ASA appliance and would like me to handle the duties, which is great and I am really excited.
With that, I was wondering if anyone could make recommendations on how to get completely comfortable with ASA firewall.
Any recommended books?
What about purchasing a 501 PIX off ebay to play with? I know it is different, but isn't the IOS similar?
I appreciate it.
TCG
02-13-2007 06:00 PM
Hello TCG
If you have already worked on PIX, ASA should be easy and it's almost the same, with the new 7.x version !!! If not, you got to study some basics of firewalling, and then get to know the advanced modules of ASA, if any !!!!
There are some good trainings in the URL below,
http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html
You can probably start off with the basics and use this URL to build up.... you anyway have netpro to answer all your questions, in your learning curve....
Raj
02-13-2007 06:15 PM
Thanks Raj...that was a fantastic link.
Would you recommend getting a PIX 501 off ebay just to play around in at home?
Possible to upgrade a 501 to the new 7.x IOS?
Thanks again!
TCG
02-13-2007 07:55 PM
Hello Jason,
PIX 501 does not support Version 7.0... In fact, the following firewalls do not support it:
PIX 501, PIX 506E and PIX 520...
You can have V7.0 with PIX 515E, 525 and 535, which have at least 16 MB of flash !!
I guess you can practice it with your live PIX/ASA in your office ;) We would learn more and be really precautious when we work with live boxes :)
Raj
02-14-2007 02:10 AM
Both version 515 and 515E will run version 7.x. I've done it many times. The difference between 515 and 515E is really the processor speed and that 515E comes with built-in VPN accelerator card. Otherwise, they are exactly the same, AFAIK. They both will run version 7.x for you.
David
CCIE Security
02-14-2007 08:19 AM
Thanks David for the info. I do appreciate it.
I am currently debating right now as to whether I should get a 501 or a 515 from ebay. I like the idea of a 515 since it will run version 7.x, which would be what the ASA will be running at my new job.
Would it be worth it to work on a 7.x over a 6.3 version? Is there THAT much of a difference? I have pretty much worked in a 6.1 version.
Thanks guys.
Jason
02-14-2007 10:11 AM
Jason,
If I were you I would buy the Pix515 instead of Pix501 so that you can learn more about Pix 7.x.
Another thing is that with Pix515 (even with R license), you still have the ability to have physical DMZ while with Pix501, you can only have inside and outside. With Pix515, you can do trunking but not with 501. If you decide to be cheap, go with Pix506, that will allow you to do trunking but pix506 will not run version 7.x code (even though I heard from the grapevine that someone managed to load version 7.0 beta code on a pix506)
7.x has many more features than 6.x; however, that being said, 7.x is much more 'buggy' than 6.3(5). That's why you see ALL 7.x code has the label "ED" which is AKA "beta code".
Good luck to you.
David
02-14-2007 10:19 AM
Thanks David. That was excellent information and something that really helps me make a more informed decision.
Would working with a 515 and 7.x be beneficial to working with an ASA appliance? I might be wrong, but I think the ASA runs the same version as PIX? The only difference is that the ASA is newer and has some extra modules that you can basically plug in?
Looks like the latest version is 7.2 just looking at the docs for both PIX and ASA.
Thanks David. That was great!
-Jason
02-14-2007 10:49 AM
Pix does not have plugged-in modules and it cannot terminate SSL VPN. ASA can have plugged-in modules such as IDS/IPS, content filtering and you can terminate SSL VPN on the ASA. I've never touched an ASA myself.
Strictly from the firewall perspective, Pix and ASA are the same 'cause they run the same code.
I like Pix but I like Juniper and Check Point firewalls even more because they are much easier to use than pix/ASA but I am biased.
David