I heard buzz a few months ago that BGP support is on the feature map for the ASA. I would assume this is software version 10.X running on the next-gen family (5515x, etc).
BGP support would be very useful for not only load-balancing between multiple ISPs, but also load balancing across multiple VPN tunnels. The Palo Alto firewalls do this very well and I'm thinking that's what finally put the pressure on Cisco to have a comparable product.
To answer your question, Cisco wants its customers (or at least used to want its customers) to use the ASA as a firewall and not a router. So you would have one device that is your firewall and one device that is your router. I suppose they started to realize that customers are looking for an all in one device, so they started adding routing features to the ASA, and firewall features to the routers, yet the firewall still doesn't have all the routing capabilities of a router and the router doesn't have all the firewalling capabilities of the ASA.
You can speculate that this is a marketing ploy so you are required to purchase more devices, or you could look at it in such a way that it is best practice to seperate all functionality in the instance that a device does get hacked.
Please remember to select a correct answer and rate
Please remember to rate and select a correct answer
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...