cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
4
Helpful
4
Replies

comparing ASA with PIX (pix 515E)

beheerggd
Level 1
Level 1

Hi all,

In my organization we have a pix515e. We want to buy a failover pix, but now they recommend us to put away our pix and buy an ASA.

Can you tell me what are the differences between ASA and PIX.

Is the configuration a bit the same on both platforms? With my knowledge of pix, can I configure an ASA too?

Thanks,

Stella

1 Accepted Solution

Accepted Solutions

There are several changes in the ASA CLI that you should be aware (but not afraid) of. The interface configuration is more IOS like now. Also, vpn's are configured a little differently using the concept of groups. I know PIX 7.x will accept old style vpn commands and automagically convert them, but I don't know if the ASA has this logic. Also, the 7.x no longer supports conduits in either PIX or ASA.

The fixup commands have been deprecated in the 7.x OS, in favor of inspection maps (again, more IOS like syntax).

These examples scratch the surface of the differences, but are most likely the ones you will first encounter.

In short though, if you know PIX 6.x (or 7.x), the ASA should be easy to pickup.

View solution in original post

4 Replies 4

JORGE RODRIGUEZ
Level 10
Level 10

Stella, with your knowledge of PIX 515e you should be able to quickly learn the new ASA plaform, personaly I have not used the ASA but rather PIX515e and 501s, I bought a ASA book with the intend to learn what I currently support in which shows command syntax for both the PIX500s and ASA, the CLI is same, but It is obious as in any new platform that we are face with new CLI and features to learn, the ASA is the next generation for cisco's security applience ASA's functionality is far more widen that that of PIX500s in addition to new functions that you have to learn, since you know the PIX500's here are couple of links to compare to with ASAs.

Here are couple of links to refer to:

ASA models comparison

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Migrating from PIX 500 to ASA

http://www.cisco.com/en/US/products/ps6120/prod_brochure_list.html

Hope this helps

Jorge

Jorge Rodriguez

Jorge,

Thanks for your reply. The links you send me are very helpfull.

Stella

There are several changes in the ASA CLI that you should be aware (but not afraid) of. The interface configuration is more IOS like now. Also, vpn's are configured a little differently using the concept of groups. I know PIX 7.x will accept old style vpn commands and automagically convert them, but I don't know if the ASA has this logic. Also, the 7.x no longer supports conduits in either PIX or ASA.

The fixup commands have been deprecated in the 7.x OS, in favor of inspection maps (again, more IOS like syntax).

These examples scratch the surface of the differences, but are most likely the ones you will first encounter.

In short though, if you know PIX 6.x (or 7.x), the ASA should be easy to pickup.

Thanks Steven!

Stella

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: