Enquiry about ASA or PIX

Feb 24th, 2007

Hello,

I work with a software company. We currently have 160 users. We have:

Cisco 515e Firewall (we don't have a failover firewall)

Cisco 1841 Router

3Com layer II switches

1 Cisco Catalyst 3560 layer III switch

1 Linux running proxy server.

Requirement:

I am looking for an all-in-1 solution.

I know Cisco's ASA. But I haven't worked on it at all. I just went through Cisco's documentation. I want a single box which can be a DHCP server, a firewall, a router & AAA server.

Can anybody suggest a flexible appliance from Cisco Systems which can mainly handle the following tasks:

Firewall capability

WAN routing

Proxy (access control mechanism, I can say)

I have heard of a few Juniper devices which can do firewall, router & proxy, all in 1 box. But I prefer a Cisco appliance. Any suggestions with technical positive and negative points?

Thank you,

Regards,

Amey Abhyankar.

daviddtran Sun, 02/25/2007 - 07:12

Hi Amey,

ASA/PIX can NOT terminate WAN connections such as T-1, Frame Relay or MPLS to the firewall itself. PIX/ASA can only terminate Ethernet, Fast Ethernet and Gig connections to the firewall.

If you go with Juniper/Netscreen or Nokia appliances running Checkpoint, they can terminate WAN connections to the firewalls themselves. I am not sure if it can terminate MPLS connections.

Nokia, Juniper and PIX can be a DHCP server. Not sure about ASA.

Nokia/CP and PIX can not function as a proxy server. Not sure about Juniper.

Nokia/CP, PIX/ASA and Juniper can not function as an AAA server.

If you are looking for an ALL in 1 solution, I would suggest that you go with a Linux firewall. Linux can function as the following:

AAA Server = Freeware Tacacs+ and FreeRadius (I have it running right now and it is working great)

Proxy server = squid (I have it running right now)

Firewall = IP masquerading with iptables (I have it running at the moment)

WAN routing = I've not tried but I think gen2 can do this. By that, I mean you can terminate WAN connections such as T-1, Frame Relay to the Linux box itself.

DHCP Server = dhcpd.conf will do the trick

As far as support for the Linux firewall/AAA/DHCP/WAN routing/Proxy, that's a separate issue.

David
