Can anyone tell me the technical differences and features between the ASA and ISR Firewall? I am in a technical sales position and I find it difficult explaining the difference between the two when pressed, especially in an ASA5505/5510 vs 1941/2911 scenario.
If someone could explain the security features ASAs do that ISRs do not, that would be helpful also.
Here is what I know already or so I think I know.
The firewall/IPSec performance on an ASA is better than the ISR.
They both run different IOS's.
The ASA does not support routing protocols
ASDM is much better suited to analyze traffic, but with third party software the same could be achieved on an ISR.
Routers have multiple interfaces and can perform many different tasks under the ISR umbrella: WLAN controller, Gateway, Gatekeeper, CUBE, etc.
You can add IPS and CSC modules to an ASA and they will outperform the NME and IOS filtering options for an ISR.
Routers perform equal cost load balancing and ASAs do not; they only have failover as an option.
The ASA is a purpose-built security device while the ISR is a router. The primary focus of the ASA is security implementation, including stateful inspection of traffic and very sophisticated inspection of traffic passing through the ASA. It has some (limited) ability to do layer 3 routing of packets. The primary focus of the ISR is to do layer 3 routing with some very sophisticated routing algorithms supported and the ability to implement some security screening. It can do some stateful inspection of traffic but does not support the deep inspection of traffic that an ASA could do.
So for example if a customer wants to run BGP to a provider they would want to choose an ISR over an ASA. Or if a customer wants to do some URL filtering they would choose an ASA and not an ISR.
It's hard to compare a Router with an ASA no matter what platform we talk about; those are totally different platforms. The fact that they run on the same layer does not mean that they can be compared.
One is a security solution, which has A LOT of features, and the other one is a Router used for Routing over an IP network. I mean, there are too many different features and only a few that they share (i.e. VPN, Multicast Routing, NAT).
Sorry about that, but I should have been more clear. When it comes to security features, what makes an ASA far superior to an ISR for security? What security features does the ASA have that the ISR does not?