Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
0
Helpful
1
Replies

Enquiry about ASA or PIX

abhyankar
Level 1
Level 1

‎02-24-2007 10:27 PM - edited ‎02-21-2020 01:25 AM

Hello,

I work with a software company. We currently have 160 user's. We have >

Cisco 515e Firewall ( We dont have failover firewall )

Cisco 1841 Router

3 COM layer II switches

1 quantity of Cisco catalyst 3560 layer III switch

1 linux running proxy server.

Requirement >

I am looking for a all in 1 solution.

I know Cisco's ASA. But I haven't worked on it at all. I just went through Cisco's

documentation. I want a single box which can be a DHCP server, A Firewall, a router & AAA server.

Anybody can suggest flexible appliance from Cisco Systems which can mainly handle following tasks >

Firewall capability

WAN routing

Proxy ( Access control mechanism I can say )

I heard of few Juniper devices which can Firewall,router & proxy. All 1 in box. But i prefer Cisco appliance. Any suggestion with technical positive and negative points ?

Thank you,

Regards,

Amey Abhyankar.

0 Helpful
1 Reply 1

daviddtran
Level 1
Level 1

‎02-25-2007 07:12 AM

Hi Amey,

ASA/Pix can NOT terminate WAN connections such

as T-1, Frame Relay or MPLS to the firewall

itself. Pix/ASA can only terminate Ethernet,

Fast Ethernet and Gig connection to the

firewall.

If you go with Juniper/Netscreen or Nokia

appliances running Checkpoint, they can

terminate WAN connections to the firewalls

itself. I am not sure if it can terminate

MPLS connections.

Nokia, Juniper and Pix can be a DHCP Server.

Not sure about ASA.

Nokia/CP and Pix can not function as a proxy

server. Not sure about Juniper

Nokia/CP, Pix/ASA and Juniper can not function

as a AAA server.

If you are looking for an ALL in 1 solution,

I would suggest that you go with Linux

firewall. The linux can function as the

following:

AAA Server = Freeware Tacacs+ and FreeRadius (I have it running right now and it is working great)

proxy server = squid (i've it running right now)

firewall = ip masquerading with iptables (i've it running at the moment)

WAN routing = I've not tried but I think gen2

can do this. By that, I mean you can

terminate WAN connection such as T-1, Frame

relay to the linux box itself.

DHCP Server = dhcpd.conf will do the trick

As far as support for the linux firewall/

AAA/DHCP/WAN routing/Proxy, that's a separate

issue.

David

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card