Indeed, the PIX is a product you should forget about. The ASA is all that counts. Still, the difference between the products is getting smaller. The 'flow'-based way of inspecting traffic on the ASA was unique, but now with Zone-Based Firewalling, IOS is catching up with it. The ASA can't do as much routing as the routers can; there are quite some limitations you have to take into account, and the routers still don't have all the deep-packet-inspection features that the ASA has. Besides, the virtualization the ASA can do with contexts is beyond anything that IOS can do, although you could do many similar things with VRFs. Like I said, the differences are becoming less and less, but as always, products are designed for a thing. If you have a combined product, it can't be the best for everything, but pretty good in a lot of things :-)

For example, the ISR can do a LOT of things on your network, but still an ASA or IPS appliance can do those security features much better and faster.



--

Regards,

Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Sr. Support Engineer – IPexpert, Inc.
URL: http://www.IPexpert.com

On 24 Oct 2009, at 17:50, Michael Lipsey wrote:

Sure, a PIX (or ASA) can route. Sure, a router can do packet filtering and whatnot.

To be clear, the PIX is an end of life product that I believe goes end of support for the last few models by the middle of 2013. It has been replaced with the ASA which is very similar but much more capable and complete in features.

A router can filter but it has a limited amount of resources to do so. This makes the router less ideal for this sort of task but ideal in places where some capability is needed.

A PIX can take the place of a router but it is far less capable in this task. I don’t recall if a PIX is capable of even running more than RIP. I know an ASA supports most of the IGPs but I’ve never used one to do actual routing. It’s capable of it, but is it wise to use it as such?

They both have shared features, but their hardware is designed for a specific purpose, and while some of those shared features can be used, you wouldn’t want an ASA/PIX as your core routing device and you wouldn’t want a router as your primary firewall.

-Mike
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
