
New Member

Your opinion about ASA/ASDM


In the near future we will have to look for a firewall/IDS combination. But it is difficult to compare the vendors, because all you get are marketing brochures but no real neutral reviews. What are your experiences with the ASA + Adaptive Security Device Manager? Would you buy it again? Do you have experience with multiple vendors so you can compare them?


P.S.: The networks which the devices have to protect are a medium one (administration network with about 1000 clients) and a large one (university).

P.P.S.: I read that the ASAs have one SSC/SSM expansion slot and that there are several modules, with AIP-SSM for IPS and CSC-SSM for Anti-Virus'n'stuff.

But what do I do when I want an ASA for IPS AND Anti-Virus?

New Member

Re: Your opinion about ASA/ASDM

Hello there,

I'm relatively new to ASA, but not to Cisco's equipment, having used switches, routers, PIX, FWSM and IDS/IPS.

For a new project, we're planning to deploy ASAs with AIM for the IPS/IDS role as well as a VPN concentrator function, as we found the ASA to be superior in the overall integration of all the functions we wanted. The point that made the difference was that the IPS/IDS is a hardware extension and not a part of the firewalling software (as it was in the PIX appliance through the IP AUDIT command).

Currently, we're going to try CSM. If you have a really large network of firewall and security devices, it may help you.

PS-1: that information, as well as the projected bandwidth, is really useful to determine which ASA appliance to choose and which AIM.

PS-2: for the antivirus role on the www line, I would suggest using transparent proxying and antivirus using ICAP: large files can be a mess to handle and the FW has lots of other things to do!

PS-2bis: if you really want it, it is still possible to think in terms of a dual layer of firewalls with proxies and exposed servers in between.

PS-3: in the past, Cisco lent us several pieces of equipment to review/test/analyze/prove it. Maybe you can ask your dealer to do the same?

PS-4: we're reporting to CS-MARS. A definite solution to ease the "log tasks".

Kind regards from Rainy Belgium,