Router VPN or ASA FW VPN?

Unanswered Question
Jun 24th, 2009
User Badges:


I work in a financial sector of which security is very essential. I need to setup a site-to-site VPN over the internet for one of our subsidiaries oversea. However, i'm in doubt whether to use a Router at both ends or ASA FW. Does using a router has lesser security than using a FW or what advantage do i have using a FW over a router VPN?.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mvsheik123 Wed, 06/24/2009 - 11:29
User Badges:
  • Gold, 750 points or more


For situations where security is primary concerns, I would go with ASA than Router. That way the configurations (allowed/blocked ACLs) will be minimal on ASA when compared to routers.

Also, (Iam not sure if this changed in new IOS with routers), the phase1 lifetime is only 24hrs, but in ASA this can be changed to longer duration. You can even add SSM etc. modules in ASA.



**Rate helpful posts**

I read this somewhere..

"Cisco IOS firewall is often known as "poor mans firewall". If you want a filtering solution, use Cisco IOS. if you want a real firewall that does deep packet inspection, etc...use the Cisco ASA"


This Discussion