Can anyone tell me the technical differences and features between the ASA and ISR Firewall? I am in a technical sales position and I find it difficult explaining the difference between the two, when pressed. Especially in a ASA5505/5510 vs 1941/2911 scenario.
If someone could explain the security features ASA's do that ISR's do not that would be helpful also.
- Here is what I know already or so I think I know.
- The firewall/IPSec performance on an ASA is better than the ISR.
- They both run different IOS's
- The ASA does not support routing protocols
- ASDM is much better suited to analyze traffic, but with third party software the same could be achieved on an ISR.
- Routers have multiple interfaces and can perform many different tasks under the ISR umbrella. WLAN controller, Gateway, Gatekeeer, CUBE etc etc
- You can add IPS and CSC modules to an ASA and they will outperform the NME and IOS filtering options for an ISR.
- Routers perform equal cost load balancing and ASA's do not, they only have failover as an option.
From the top of my head:
Botnet traffic Filter
Smart call home
Sepparate trend micro support (Does not rely on ASA performance)
Sepparate IPS support (Does not rely on ASA performance)
Cisco Secure Desktop
Embedded Security policies based on security levels
Availability of Bypass stateful packet inspection for certain traffic
Those are the most common ones, but im sure there are plenty more.