We are in need of an upgrade of our firewall device, currently a Pix512. We have a proposition of three solutions, each with varying cost. The lowest cost is Active/Standby dual 515e, then redundant ASA5510s, and the most costly is redundant ASA5520s. We need to accommodate at least 100 hosts on our LAN that use the outside internet, about 20 VPNs from outside users to the network, and a VPN tunnel from a Pix515 in another facility of ours. The demand is expected to increase. I'd like to know how those devices compare performance-wise and especially how much better the ASA is than the PIX line of firewalls. Also, is there a varying mode for Active/Active and Active/Standby on the ASA, and is there a different licence cost?
I think ASA5510 with a Security Plus license will be the best choice.
After upgrading to Cisco ASA Software v7.2.3, ports 0/0 and 0/1 will become Gigabit Ethernet enabled on Cisco ASA 5510s with a Security Plus license. This gives customers greater flexibility, and enables them to achieve the maximum Cisco ASA 5510 firewall throughput (300 Mbps) through a single interface, if required.
Thank you for replying to my earlier post, but I need a little more detail on the subject since I am kind of new to these devices. I need a little more justification. First of all, what is the difference in terms of hardware between the Pix515e and ASA5510 products? I know that the Pix runs on an Intel PIII. Does the ASA run on the same or a different architecture? What are the enhancements over the Pix? You suggested that we should go with the 510. Is the 520 overkill for the situation mentioned earlier?
The ASAs are newer devices and will therefore be supported by Cisco much longer than the PIX line will be - that should really be justification enough. The ASA can do everything the PIX can do - and more. Buying a PIX today is like buying a new copy of Windows 2000 - yes, this is not a perfect analogy, but it gets the point across.
OK, so that narrows my choices to two possibilities: 5510 and 5520; one is cheaper, the other expensive. How much more performance has the 5520 over the 5510? Does the 5520 have any features that may be useful but are not on the 5510? Also, when in Active/Active failover mode, do those devices share the work on traffic, or does one of them sit passively?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...