Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Thinking of upgrading from a Netscreen NS100 and PIX515e to a ASA5510

Hello everyone. My current environment contains an ancient NS100 (Grey box not blue) doing firewall/NAT duties and a Cisco PIX 515e doing VPN duties. I've looked at the following UTM devices to replace my current setup:

Cisco ASA5510
Juniper SRX240
SonicWall NSA2400

The SonicWall NSA2400 seems compelling but i haven’t had good experiences with sonic walls in the past, my previous employer dumped all there sonic walls for net screen firewalls some 6 years ago and i havent seen or used one since.

I've used juniper products extensively at my previous job so I'm very comfortable with the netscreen products running ScreenOS, but i hear the latest models use the JUNOS which is drastically different than the previous ScreenOS. Also i've seen plenty of complaints on the SRX line in regards to stability.

I would love to have the Cisco but I'm afraid of setup having seeing that making changes on my PIX was a chore since i'm not well versed in the CLI. Also the price point is much higher then the other 2.

What I’m primarily looking to do is the following:

- Bandwidth shaping
- Firewall Services
- Intrusion Detection
- Client VPN access

anyone care to share their opinions or experience moving from an older Netscreen and VPN solution to an ASA5000 series? Thanks!

Cisco Employee

Re: Thinking of upgrading from a Netscreen NS100 and PIX515e to

The service you want can be provided my the ASA. There is an extra SSM card that can provide the IPS/IDS part.

They can provided traffic, shapping, prioritization and policing for QoS also.

As for VPN, tehy more or less support VPN and WebVPN fine. Depending on the number of users you need to check the load on the firewall.

As far as stability the ASAs have been doing very well and I can say they are pretty stable in the latest releases for the vast majority of people. There are boxes that run fine for hundreds of days, and there are no major significantly affecting defects with no workarounds.

Depending on the bandwidth requirement you will need to decide which model is best for you.

I hope it helps.


New Member

Re: Thinking of upgrading from a Netscreen NS100 and PIX515e to

Thanks for the info! As for the Bandwidth requirment we currently two bonded T1's. Would the ASA5510 be overkill for that?

Cisco Employee

Re: Thinking of upgrading from a Netscreen NS100 and PIX515e to

It could very easilty support well above 100Mbps real world traffic. Its name throughput is 300Mbps.

So 2 T1s will be a piece of cake.