Does anyone have a link for a document that highlights the features of an ASA appliance over a PIX? We want to replace our PIXs but want to put together an executive summary with the advantages to go with the proposal. I have not seen a compare / contrast document on CCO so am working off the ASA feature guides and things.
While the PIX is an excellent firewall, the landscape of security has changed over the years. It's no longer sufficient to protect your network with a stateful packet filtering firewall. There are so many new threats to a network, including viruses, worms, unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks.
When a device does protect against this variety of threats, we say it offers "anti-X" capability or "multi-threat" protection. But the PIX just hasn't been able to offer this level of protection.
Most organizations don't want to have a PIX performing stateful firewall filtering and some other appliance protecting you from other threats. Instead, they want an "all-in-one" device, or a unified threat management (UTM) device.
The ASA does offer protection from these different types of attacks. It can even be more of a UTM device; however, it needs a Content Security and Control Security Service Module (CSC-SSM) to be a real UTM. This is the module in an ASA that performs the anti-X functions. Without the CSC-SSM, the ASA functions more like a PIX.
So which one is right for your organization? As always, the answer lies with your organization's unique needs. However, I would choose the ASA over the PIX any day. First of all, an ASA typically costs less than a similarly featured PIX. Besides the cost incentive, it just seems like a logical choice to choose the newer and faster technology.
ASA could take the place of three separate devices: a Cisco PIX firewall, a Cisco VPN 3000 Series Concentrator, and a Cisco IPS 4000 Series Sensor.