Gert, I understand where this comes from, but the ASA is a bit more modern then the "PIXen".
1) It now does dynamic routing (RIP, OSPF, EIGRP) 2) Nat (as of 8.3+) is now "normal" 3) The inspect feature still has issues but is necessary for many protocols and is implemented very similar on the ZBFW in ios. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -----Original Message----- > From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- > boun...@puck.nether.net] On Behalf Of Gert Doering > Sent: Friday, September 09, 2011 11:05 AM > To: Jay Nakamura > Cc: cisco-nsp > Subject: Re: [c-nsp] ASA vs ISR ZBFW > > Hi, > > On Fri, Sep 09, 2011 at 01:31:06AM -0400, Jay Nakamura wrote: > > I have been wondering lately, what advantages do ASA have over ISR as > > a firewall on the low end? As just one stand alone firewall, what > > features are there for ASA that distinguishes itself? Often, I > rather > > have an ISR over an ASA so I have more flexibility in a budget > > environment. > > It has "FIREWALL!!" painted on the front cover, and will not do dynamic > routing. And the NAT is much more interesting, and the way "fixup" > helpers damage perfectly reasonable communications... > > Mmmh. This certainly doesn't read as if I like PIXen. Wonder why. > > gert > -- > USENET is *not* the non-clickable part of WWW! > > //www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025 g...@net.informatik.tu- > muenchen.de _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/