Yes, ASA is the successor to PIX which Cisco acquired around 1995. Cisco grew by acquisitions, e.g. the Catalyst switch product line. PIX had its own OS, Catalyst had its own OS, over time they made them look more like IOS, but just enough different to be confusing.
I think another justification of VPN firewall products was that you could only get decent IPSEC performance on a box with encryption in hardware. But now CPU chips are fast enough and many have hardware acceleration for encryption, so that you don’t need a special Cisco box. Just like it used to be the only way to build a router with high throughput and low latency was hardware based with ASICs and CAM.

From: AF <[email protected]> On Behalf Of Josh Baird
Sent: Thursday, November 15, 2018 8:56 PM
To: AFMUG <[email protected]>
Subject: Re: [AFMUG] Router vulnerability

There is nothing more annoying than trying to match up a version of Java with ASDM. I think you have a good strategy. I mostly agree with everyone else here. The config is archaic, and there are other options now that are easier and can be just as robust. I don't care how "enterprise" you are.

On Thu, Nov 15, 2018 at 9:20 PM Larry Smith <[email protected]> wrote:

True on pretty much all counts, but, when dealing with certain "audit" agencies (especially for banks), if you have anything other than a name brand (Cisco ASA) firewall then you have 3,987 more pages of paperwork to fill out and justify your reasons/selection.

We maintain several, you just keep a virtual PC with each version of ASDM and the appropriate JAVA (they only talk reliably to one specific version for each version of ASDM) and there's nothing to it.

--
Larry Smith
[email protected]

On Thu November 15 2018 18:58, Ken Hohhof wrote:
> If it’s company CEO, they should purchase Smartnet contract and keep the firmware updated. That’s about the only way you are going to fix vulnerabilities, hope Cisco fixes them, and keep up with the latest firmware.
>
> IMHO the only reason to have a Cisco ASA at home is he needs a site-to-site VPN to an ASA at the office. Meaning he has multiple devices at home that need to work across the VPN, otherwise he could probably use a software VPN client on his computer. Or maybe non-computer devices like his phone needs to work across the VPN.
>
> Also IMHO if this is the case, he needs a Cisco security trained/certified IT person to manage it. I was OK dealing with IOS but the ASA series I always found very difficult to configure and maintain, I pretty much wouldn’t touch them. One of my customers who had ASAs at HQ and every branch office had a big IT company under contract to do all their ASA maintenance and even though they were supposedly Cisco experts, they would screw up and mess everything up trying to do a simple change and end up taking a whole day to get it working again.
>
> A common approach seems to be start with ASDM to get a basic working config because you’ll never get there from the command line, but then SSH in and do the rest of the config manually. Then be sure to save a copy of the config for when you inevitably break everything trying to make a change.
>
> If the CEO just needs a fancy router, there are probably better choices than an ASA. Just not a Sonicwall. Maybe a nice Netgear AX8, which will look like it’s about to take off and fly around the living room. Or maybe a nice Google WiFi, he can put one in every room.
>
> But you’re probably going to say it’s the VPN thing. Some people say it’s because they need a true firewall, not just a router. But then I ask them what custom firewall rules they defined. And who monitors the IDS logs and responds to the identified threats. If the answers are none and nobody, then it’s just an expensive router. And BTW, in my experience ASAs are like every other router, first troubleshooting step is to power cycle them and see if the VPN light comes back on.
>
> I have some customers now using firewall appliances at every site that they contract out to a big telco which I think is using firewall appliances based on pfSense. I don’t really know enough to have an opinion, but that seems a reasonable way to go. No Cisco maintenance contract to buy just to get firmware updates. Just finding someone to sell you Smartnet is a pain, I used to call up a place like CDW. I swear Cisco doesn’t really want your business unless you’re a Fortune 500 company, or government, or a big telco.
>
> From: AF <[email protected]> On Behalf Of Jaime Solorza
> Sent: Thursday, November 15, 2018 5:32 PM
> To: AnimalFarm Microwave Users Group <[email protected]>
> Subject: Re: [AFMUG] Router vulnerability
>
> Friend has one for ceo of his company...can you point me to sure for ideas?
>
> On Thu, Nov 15, 2018, 12:15 PM Josh Luthman <[email protected]> wrote:
>
> Who's using an ASA at home?
>
> ASA has a bunch of vulnerabilities - most fixed, some not...
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Thu, Nov 15, 2018 at 11:42 AM, Jaime Solorza <[email protected]> wrote:
>
> What is the latest on router vulnerability to hacks on ASA and home versions?
>
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
