ASA 5550 or Pix 535

Unanswered Question
Feb 28th, 2007

Hi, what do you recommend, a PIX 535 or an ASA 5550? I currently have a PIX 525 but need more throughput.

ggilbert Wed, 02/28/2007 - 16:31

If you are using PIX 525, then the max cleartext throughput would be up to 330 Mbps and the concurrent connections limit is 280,000.

For ASA 5550 check out the tabular column in the link given below.

http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html

ASA 5520 or ASA 5540 would be enough if you are looking for just a little more throughput.

Hope this helps.

Cheers

Gilbert

Rate this post, if it helps.

network_team Thu, 03/01/2007 - 01:22

Thanks. How do you check how much cleartext throughput your current firewall is processing? Would you recommend ASA instead of PIX 535?

ggilbert Thu, 03/01/2007 - 08:15

I would recommend ASA.

throughput = data transmitted/time

sh traffic would give you the data transmitted and time taken.

Cheers

Gilbert

Rate this post
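The calculation described in the reply above, as an added example that is not part of the original thread: it parses `show traffic` output and reports average Mbps per interface against the 330 Mbps PIX 525 figure quoted earlier. The sample output is constructed, the function names are hypothetical, and summing received traffic as the box-wide load is an assumption; the result is an average over the whole counter interval, so short peaks are hidden.

```python
import re

PIX525_MAX_MBPS = 330  # cleartext figure quoted earlier in this thread
# Constructed sample in the layout `show traffic` prints; values are made up.
SAMPLE = """\
outside:
        received (in 3600.000 secs):
                45000000 packets        40500000000 bytes
                12500 pkts/sec  11250000 bytes/sec
        transmitted (in 3600.000 secs):
                30000000 packets        13500000000 bytes
                8333 pkts/sec   3750000 bytes/sec
inside:
        received (in 3600.000 secs):
                30000000 packets        13500000000 bytes
                8333 pkts/sec   3750000 bytes/sec
        transmitted (in 3600.000 secs):
                45000000 packets        40500000000 bytes
                12500 pkts/sec  11250000 bytes/sec
"""

IFACE = re.compile(r"^(\S+):\s*$")
DIRECTION = re.compile(r"^\s+(received|transmitted) \(in ([\d.]+) secs\):")
TOTALS = re.compile(r"^\s+\d+ packets\s+(\d+) bytes")

def parse_show_traffic(text):
    """Return {interface: {direction: average Mbps}}; a zero interval yields 0.0."""
    rates, iface, direction, secs = {}, None, None, 0.0
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface, direction = m.group(1), None
            rates[iface] = {}
        elif m := DIRECTION.match(line):
            direction, secs = m.group(1), float(m.group(2))
        elif (m := TOTALS.match(line)) and iface and direction:
            mbps = int(m.group(1)) * 8 / secs / 1e6 if secs > 0 else 0.0
            rates[iface][direction] = round(mbps, 2)
            direction = None
    return rates

def aggregate_mbps(rates):
    """Sum received Mbps over interfaces: each forwarded packet is received once (assumption)."""
    return round(sum(r.get("received", 0.0) for r in rates.values()), 2)

def utilisation_pct(rates, limit_mbps=PIX525_MAX_MBPS):
    return round(100 * aggregate_mbps(rates) / limit_mbps, 1)

if __name__ == "__main__":
    print(utilisation_pct(parse_show_traffic(SAMPLE)))
```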

daviddtran Thu, 03/01/2007 - 08:33

I respectfully disagree. I would go with Pix instead.

Pix can run both 6.3(5) and 7.x while ASA can only run on 7.x code, and as far as I know, ALL 7.x versions are labeled as "ED". In other words, they are full of bugs. With 6.3(5), at least the code is stable "GD". Sure, you will lose some features in 6.x that you will find in 7.2.x, such as hairpinning, but I will give up features for stability any day.

my 2c.

David

abhyankar Thu, 03/01/2007 - 08:36

Just one more question related to the conversation. ASA is getting famous. It is known as an "All in 1" box. But is it really an "All in 1" box? I called the local Cisco vendor in my city. He said ASA has 4 different versions. I know that too. But the question is, can I put all 4 modules/versions into 1 single ASA box? Or do I have to buy 4 different ASAs, product-wise?

I am from India. No further information is available. I doubt if ASA is already implemented in WIPRO, Infosys in Pune city where I live. However, they already have VoIP.

My company is not that big, but we are looking for a failover solution and possibly Cisco ASA. Juniper products are too expensive.

Thank you,

Amey Abhyankar.

suschoud Fri, 03/02/2007 - 11:47

I would like to suggest that ASA is far better than PIX.

It can act as a VPN concentrator/gateway, as a firewall and as an IPS/IDS solution. What more do you expect from a single box?

7.x is not stable, but GD will be out soon and that could save us from random failures.

So, considering long-term technological advancements, ASA seems to be a better option than PIX.

One lag though: there's only one slot in ASA. So you can install either the CSC or the IPS module, not both at a time. And as far as I know, Cisco is working on this overtime so that we could incorporate both in one box.

haithamnofal Fri, 03/02/2007 - 12:38

Hi Guys,

I have one question regarding the same discussion about ASA. As ASA is an "all-in-one" appliance, would it be recommended performance-wise to run different features like IPSec VPN, SSL VPN (which are software-based features), plus IPS (through the IPS module) besides running it as a firewall? I think Cisco does not recommend turning on all the features on the same device, but what is the determining factor for this, and would the recommendation be to have multiple ASA devices back-to-back to achieve the above different requirements?

What do you think?

Regards,

Haitham

daviddtran Fri, 03/02/2007 - 12:55

suschoud,

What you said:

"I would like to suggest that ASA is far better than PIX. It can act as a VPN concentrator/gateway, as a firewall and as an IPS/IDS solution. What more do you expect from a single box?"

- unstable code.

- single point of failure.

ASA is like a dinner buffet. You can get a lot of items on the plate but the food isn't that good.

"7.x is not stable, but GD will be out soon and that could save us from random failures". I've heard this from Cisco for almost eight months now. No cigar. Cisco is not the first vendor on my list, but if I have to go with Cisco, I would go with Pix because I know I can sleep better at night with version 6.3(5) GD.

David

CCIE Security