i prefer a pix whenever possible as it is specially designed for security; whereas firewall feature set is an add-on for the routers. e.g. a remote branch with a single internet link establishing a vpn back to the central site. i would choose a pix as there is not much routing involved.
from my personal experience, pix just handles vpn better than router in terms of stability and flexibility.
e.g. when modifying the acl for no-nat, with pix you can add the new line and then delete the old line; whereas with routers, you need to delete the existing ip translation, un-apply the route-map and then modify the no-nat acl.
regarding the firewalling, pix is very simple as you only need 6 basic commands to secure your network; whereas with router, just by reading the cisco forum, you will be surprised how many issues you may have with cbac feature.
i guess the main reason is that pix as special kind of hardware and stripped down software, improved for speed using some security algorithms with dedicated asics like when using Des and is limited and therefor probably more stable than a general use router that has to do all kind of functions
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :