PIX vs ASA

mikedelafield · ‎01-29-2008

Could someone tell me the basic differences between PIX and ASA?

What additional services and advantages does the ASA offer? In lamens terms and realistic terms to business needs etc..?

cisco24x7 · ‎01-29-2008

Different device running the same code with the

following exceptions:

1- ASA can terminate SSL vpn. Pix can not,

2- You can IPS on the ASA with additional

modules. Pix can not do that,

3- new hardware on ASA.

Other than that, there is not much of a

difference.

CCIE Security

Collin Clark · ‎01-29-2008

The PIX just went EoS so if you're looking to purchase, go with the ASA.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html

mikedelafield · ‎01-30-2008

thanks for that.

very useful information

so the ASA is now the main option for firewall needs

i had wondered why the 2 were still being sold in parallel as the ASA seemed to offer so much more!

thomasdzubin · ‎01-30-2008

Thanks for the link. Since this past July, I've been recommending to all my clients that they go with the ASA. It did confuse me that I didn't see any end-of-life announcement since it was really obvious that the 5505 was replacing the low end 501 and 506 and they couldn't be upgraded to a recent firmware version either. I wonder why it took them so long.

Collin Clark · ‎01-30-2008

There are a number of things that determine when an old product can go EoS. One major item is FIPS/Common Criteria. The new platform should (must really) attain certification/approval before the old one can be EoS/EoL.

http://www.cisco.com/en/US/docs/security/asa/asa70/hw/fips_asa.html