comparison switch 6500 and ASA 5500

Unanswered Question
Nov 29th, 2007

Please, can someone help me to decide what is better for using in a lan- wan enviroment to close L2L and remote VPN, and to use as firewall??

I attach the drawing of the network.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 11/30/2007 - 01:24


If you are looking to terminate L2L tunnels/remote access vpn's and firewall all on the same device then you are much better going for the ASA device.

To do this on the 6500 you would need a separate Firewall Service Module and then a VPN module/card as the FWSM cannot terminate L2L/remote access vpn's.



jackeline Fri, 11/30/2007 - 05:03

Hi Jon,

Thanks for your help, but the reason that I am interested in the switch is that in the network there are a lot of servers that need to be acces by the L2l and the remote VPN users. In this case I think the ASA would a bottle neck,

What do you think??

Jon Marshall Fri, 11/30/2007 - 07:47


It depends on how much bandwidth is aggregated from our remote sites and the Internet.

Certainly if you needed 5Gbps throughput of firewall connectivity you would need a FWSM but i suspect you don't need anywhere near that. There are a number of ASA devices and the high end ones are still considerably cheaper than a 6509 solution with service modules.

Take a look at the data sheet for the ASA's

If cost is not an option and you see significant growth requirements or you really do need to look at huge throughput the 6500 is worth consideration.



This Discussion