Cisco Support Community

New Member

Firewall IOS router v ASA


I have an ASA5520 Firewall and some 3800 routers with firewall IOS.

I want to have two layers of firewall, one at the internet and the other behind the first.

I have some questions.

Would it be better to have both firewalls be ASAs?

Are there any disadvantages to using firewall IOS?

Would it be better to have the ASA or the IOS boxes facing the internet?


Re: Firewall IOS router v ASA

Some gov't entities require two different mfg firewalls, but since you have two different boxes, that should be pretty good. What are the boxes doing? Any VPN? NAT translations (inside to out)? How many interfaces? It really depends on the design. I would *feel* better putting the ASA first, but that's just me.

HTH and please rate.

New Member

Re: Firewall IOS router v ASA

I accept there are benefits to having two different FWs and agree about the ASA on the outside, but the ASA needs to be inside because of realtime applications that will need to fail over seamlessly in the event of a failure.

The outside firewalls will just have NAT and VPN devices in the DMZ (via a 16-port FA card in the NM slot).
