Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

Catalyst 6509 FSM or ASA is better

Dears ,

I'm in a confusion that what to choose from the below 2 when implementing a small data centre

Option 1 : Cisco 6509( WS-C6509 with Sup 720-3B)  + FWSM (WS-C6513-FWM-K9)

Option 2 : WS-C6509 and ASA

My requirement is to protect from outside attacks only ..Also what are the failover options available with FWSM ?

I need only certain VLANs to be passed thru FWSM .

Another Question is regarding HSRP , i have two 6509 switches both with 7203b ,but interfaces are different .Whether i Can run HSRP on this ? Whether it need to be the same exact hardware ? .Whether I can put FWSM in one switch only for now or is it needed to put in both switches

1 REPLY
Hall of Fame Super Silver

Re: Catalyst 6509 FSM or ASA is better

Hello Haris,

FWSM:

can be used in multicontext, contexts can be routed or transparent.

FWSM failover option is to have one FWSM on chassis 1 and second FWSM on chassis 2.

the two chassis can be connected by a L2 trunk, you can have one vlan used for failover and one vlan used for stateful exactly as with an ASA pair.

>> I need only certain VLANs to be passed thru FWSM .

this is possible, only vlans specified in firewall vlan-group on C6500 supervisor are passed to the FWSM.

We use this setup in several server farms with good results.

FWSM can process 3 Gbps of traffic.

FWSMs cannot act as VPN terminator as an ASA

The ASA performance depends from the model. ASA 5580-40 outperforms FWSM but this is not true for other models

Hope to help

Giuseppe

446
Views
4
Helpful
1
Replies