The ASA is basically the PIX replacement, so I'd definitely recommend it - better value and more flexibility, as well as optional content scanning or intrusion prevention. It's hard to be more specific without more detail on your exact requirements, though.
Thanks. I need to be able to NAT, set up systems in a DMZ, and restrict access. I am interested in using the IPS module if it is not a big hassle to implement. Have you set up any of the ASA devices? If you have, did you find the ASAs hard to implement or manage? Thank you for your initial response.
I agree with Andrew. Cisco has all but said the ASA is the PIX replacement. It is in the same price category, but adds a LOT of performance and enhancements that the PIX does not have. From a configuration point of view, they both run PIXOS 7.x now, so they look the same for configuration.
Since you are interested in IPS, the PIX does not have a module for IPS. The ASA IPS module is the same in function as a full-blown IPS appliance.
I also highly recommend the ASDM interface for configuring (it is included with both) because it provides many wizards and an easy GUI for most firewall tasks.