Catalyst 6509 FSM or ASA is better

Unanswered Question
Feb 2nd, 2010
User Badges:
  • Bronze, 100 points or more

Dears ,


I'm in a confusion that what to choose from the below 2 when implementing a small data centre



Option 1 : Cisco 6509( WS-C6509 with Sup 720-3B)  + FWSM (WS-C6513-FWM-K9)

Option 2 : WS-C6509 and ASA


My requirement is to protect from outside attacks only ..Also what are the failover options available with FWSM ?

I need only certain VLANs to be passed thru FWSM .


Another Question is regarding HSRP , i have two 6509 switches both with 7203b ,but interfaces are different .Whether i Can run HSRP on this ? Whether it need to be the same exact hardware ? .Whether I can put FWSM in one switch only for now or is it needed to put in both switches

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Giuseppe Larosa Tue, 02/02/2010 - 11:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Haris,


FWSM:

can be used in multicontext, contexts can be routed or transparent.


FWSM failover option is to have one FWSM on chassis 1 and second FWSM on chassis 2.


the two chassis can be connected by a L2 trunk, you can have one vlan used for failover and one vlan used for stateful exactly as with an ASA pair.


>> I need only certain VLANs to be passed thru FWSM .


this is possible, only vlans specified in firewall vlan-group on C6500 supervisor are passed to the FWSM.


We use this setup in several server farms with good results.

FWSM can process 3 Gbps of traffic.

FWSMs cannot act as VPN terminator as an ASA


The ASA performance depends from the model. ASA 5580-40 outperforms FWSM but this is not true for other models


Hope to help

Giuseppe

Actions

This Discussion