Cisco Support Community

Enquiry about ASA or PIX

Hello,

I work with a software company. We currently have 160 users. We have:

Cisco 515e Firewall (we don't have a failover firewall)

Cisco 1841 Router

3 COM layer II switches

1 quantity of Cisco Catalyst 3560 layer III switch

1 Linux running proxy server.

Requirement:

I am looking for an all-in-1 solution.

I know Cisco's ASA. But I haven't worked on it at all. I just went through Cisco's documentation. I want a single box which can be a DHCP server, a firewall, a router & AAA server.

Can anybody suggest a flexible appliance from Cisco Systems which can mainly handle the following tasks:

Firewall capability

WAN routing

Proxy (access control mechanism, I can say)

I have heard of a few Juniper devices which can be firewall, router & proxy, all in 1 box. But I prefer a Cisco appliance. Any suggestions with technical positive and negative points?

Thank you,

Regards,

Amey Abhyankar.

1 REPLY

Re: Enquiry about ASA or PIX

Hi Amey,

ASA/Pix can NOT terminate WAN connections such as T-1, Frame Relay or MPLS to the firewall itself. Pix/ASA can only terminate Ethernet, Fast Ethernet and Gig connections to the firewall.

If you go with Juniper/Netscreen or Nokia appliances running Checkpoint, they can terminate WAN connections to the firewalls themselves. I am not sure if it can terminate MPLS connections.

Nokia, Juniper and Pix can be a DHCP server. Not sure about ASA.

Nokia/CP and Pix cannot function as a proxy server. Not sure about Juniper.

Nokia/CP, Pix/ASA and Juniper cannot function as an AAA server.

If you are looking for an ALL in 1 solution, I would suggest that you go with a Linux firewall. Linux can function as the following:

AAA Server = Freeware Tacacs+ and FreeRadius (I have it running right now and it is working great)

proxy server = squid (I have it running right now)

firewall = IP masquerading with iptables (I have it running at the moment)

WAN routing = I've not tried but I think gen2 can do this. By that, I mean you can terminate WAN connections such as T-1, Frame Relay to the Linux box itself.

DHCP Server = dhcpd.conf will do the trick

As far as support for the Linux firewall/AAA/DHCP/WAN routing/Proxy, that's a separate issue.

David
