Solved: Please advise PIX or ASA

bavingtonm · ‎08-19-2008

Hi

Could I have your thoughts on what is the best option as a firewall/VPN appliance. The network I'm looking to deploy the appliance on has a Webserver and a Mail server with Outlook Web access that require outside access. There are a few servers that have a requirement for remote access also, so I was thinking of using 3DES IPSec VPN tunnels for users to access the LAN.

I have used and configured PIX 515 firewalls before on networks using Cisco VPN Client software to access the LAN remotely, so I am to a degree familliar with this technology. But I'm not however familliar with the ASA appliances and was hoping for an opinion on what is the most cost effective, straight forward and easiest to deploy?

Many thanks

Mark

JORGE RODRIGUEZ · ‎08-19-2008

Mark,

I would definately recomend that you integrate the new ASA product versus the PIX, as you may already be aware that PIX platforms have reached End Of Life. If you were in a scenario where you were utilizing PIX515 and were looking into additional features that PIX 6.3.5 code does not provide then it would be feasable to upgrade code to 7.x-8.x on 515 for example to take advantage of much reacher features in code 7.x and above. But it seems this is not the case, if you are looking to implement a new security applience look into ASA5500 series.

If you are familiar with PIX you will be fine, of course, there are new features to learn and totally new architecture but the basic concept of firewalling and traffic control remains the same. All your requirements such as L2L VPNs, RA VPNS can be accomplish in addition to other great features you would never see in code 6.3.5.

The most important point is to integrate a new platform, not one that has reach end of life, that is my personal opinion.

ASA Platforms

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Rgds

Jorge

Jorge Rodriguez

View solution in original post

JORGE RODRIGUEZ · ‎08-19-2008

Mark,

I would definately recomend that you integrate the new ASA product versus the PIX, as you may already be aware that PIX platforms have reached End Of Life. If you were in a scenario where you were utilizing PIX515 and were looking into additional features that PIX 6.3.5 code does not provide then it would be feasable to upgrade code to 7.x-8.x on 515 for example to take advantage of much reacher features in code 7.x and above. But it seems this is not the case, if you are looking to implement a new security applience look into ASA5500 series.

If you are familiar with PIX you will be fine, of course, there are new features to learn and totally new architecture but the basic concept of firewalling and traffic control remains the same. All your requirements such as L2L VPNs, RA VPNS can be accomplish in addition to other great features you would never see in code 6.3.5.

The most important point is to integrate a new platform, not one that has reach end of life, that is my personal opinion.

ASA Platforms

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Rgds

Jorge

Jorge Rodriguez

bavingtonm · ‎08-19-2008

Hi Jorge

Thanks for the advise, makes perfect sense!

Regards

Mark

JORGE RODRIGUEZ · ‎08-19-2008

Mark, you are very welcome.

Rgds

Jorge

Jorge Rodriguez