PIX and ASA

Unanswered Question
Nov 28th, 2007

Hello,

I'm very interested in learning Cisco, specifically for small business and for companies with less that 100 users +/-. I would like to learn how to configure the routers for setup/install/troubleshooting - opening/closing ports etc - vpn site-site to site configurations etc. I know there are many different types of Cisco Routers/Firewalls and I'm not sure which one to start with but I figured probably PIX 501 since being a small business consultant this firewall is common in these situations.

I have no time now for classroom training so I would like to know if there are any good books for total beginners with Cisco?

I have 10 years experience with networking and know how to configure any 3rd party router/firewall and have some decent experience with MS ISA 2004.

What would you recommend I should do? Are there any virtual labs I can use that will simulate the PIX? Also what about ASA, should I start with that instead of PIX?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (8 ratings)
Loading.
kevin.jones1 Wed, 11/28/2007 - 12:40

For routers, switches and Access Points, Cisco

is an excellent solution. In terms of

security devices, cisco is a horrible solution.

I would go with Checkpoint firewalls and Juniper

for IPS solutions and RSA SecurID for two-factor

identity management.

ccbootcamp Thu, 11/29/2007 - 07:52

Don't go with a pix501, look at the ASA5505, it will run the latest code (the pix501 wont). if you have more than 25-50 users, take a look at the asa5510 dependind on what you're trying to accomplish. The asa5510 w/ the IPS blade is a great security solution.

If you want some security technology hands on practice and labs, check out our security technology workbook:

www.ccbootcamp.com/cciesecuritylw-tech.html

ttyl

brad

www.ccbootcamp.com

SteveDexter Thu, 11/29/2007 - 13:03

I looked at your link and the book looks good. But how advanced is it? I want some practice with a lab as well, but I am concerned (and SCARED) by the CCIE in the title of the book!

ccbootcamp Thu, 11/29/2007 - 13:13

It starts off pretty basic, but yes, it does get a bit advanced. The book is huge (over 500 pages). So it will probably cover a lot more information than you will need to know to get started, but it will definitely get you started!

-brad

www.ccbootcamp.com

tolinrome Thu, 11/29/2007 - 14:07

Thanks Brad. So I guess the ASA is now the way to go...

I'm not looking to know everything about it enough to open ports/vpn setup/config - all for small business. I'll take a look at the book from the link you posted.

If I learn the ASA basic enough, will I be able to walk into a small business and configure/setup their PIX 501 as well?

ccbootcamp Thu, 11/29/2007 - 14:20

Well...yes and no. The Pix501 is going to run 6.X code and the ASA is going to run 7.X code. the versions of the code and commands are very different. Theory is pretty much the same (how a firewall works, etc).

Good NEWS: There are a lot of example configs available for BOTH 6.x and 7.x if you search through cisco's tech support area of the website.

www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

If you really want to learn/play with both versions, get a PIX 515. It will run 6.X and 7.X :)

-brad

www.ccbootcamp.com

(please rate the post!)

tolinrome Thu, 11/29/2007 - 14:28

Your posts are great - Thank You so much - I will rate them. I've been racking my brains out with research the last few days your posts have been the most helpful.

So...

- If I get a PIX 515 and use version 6.X - I will learn the PIX.

- If I upgrade the PIX to version 7.X I can then learn the ASA

I just want to be sure I'm doing what makes the most sense.

Thanks!!!

mark.j.hodge Thu, 12/06/2007 - 15:23

A PIX 515 can run version 6.X, 7.X and 8.X software, the PIX 501 can only run version 6.X.

The ASA devices can run version 7.X and 8.X.

The same version of software has equivelent capabilities on the different platforms in most respects. There are a few diffences mostly with regard to hardware capabilities and SSL VPN.

For a new implementation definately go with an ASA, the PIX product range is approaching end of life.

Actions

This Discussion