Re: [fw-wiz] Cisco firewall appliance choice

---

• From: Dan <method@xxxxxxxxxxx>
• Date: Sun, 25 Nov 2007 22:21:30 +0200

---

Brian Loe wrote:

If you had a customer with their mind set on replacing their limited
PIX 505 with another Cisco device, for good or evil, which would you
go with? I'm not all that well versed with the ASA devices and the
software restrictions that come with them. In short, unless the price
difference is huge - and that doesn't appear to be the case - then I
see no benefit of any ASA over the various 500 series PIXen and an
unrestricted license (not to include some of the addons that appear to
be available with the ASAs like AV and IPS). Anyone here have an
opinion?

The customer is a small office: 50 desktops, 15-20 servers, will be
using SIP, many peer-to-peer VPNs with customers, uses their PIX for
remote access for employees.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Hi ,


Differences between PIX and ASA is that ASA has some security modules :
AIP SSM (Advanced Inspection and Prevention) ans CSC (Content Security
and Control), that PIX doesnt have.
The capabilities for the PIX hardware are :

Connection capabilities for the PIX 515E are as follows:
? Maximum clear-text throughput?188 Mbps
? Maximum throughput (3DES)?63 Mbps with VAC
? Maximum throughput (3DES)?140 Mbps with VAC+
? Maximum throughput (AES-128)?135 Mbps with VAC+
? Maximum throughput (AES-256)?140 Mbps with VAC+
? Maximum concurrent connections?130,000
? Maximum concurrent VPN peers?2000

Connection capabilities for the PIX 525 are as follows:
? Maximum clear-text throughput?330 Mbps
? Maximum throughput (3DES)?72 Mbps with VAC
? Maximum throughput (3DES)?155 Mbps with VAC+
? Maximum throughput (AES-128)?165 Mbps with VAC+
? Maximum throughput (AES-256)?170 Mbps with VAC+
? Maximum concurrent connections?280,000
? Maximum concurrent VPN peers?2000

I think that a 515E could be ok.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• References:
  • [fw-wiz] Cisco firewall appliance choice
    • From: Brian Loe

• Prev by Date: Re: [fw-wiz] How to find hidden host within LAN
• Next by Date: Re: [fw-wiz] How to find hidden host within LAN
• Previous by thread: [fw-wiz] Cisco firewall appliance choice
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [fw-wiz] Question on Cisco ASAs... do all the features slow it down? ... The IPS feature does slow it down. ... Firewall throughput Up to 300 Mbps ... I think the ASA is a huge leap from the PIX and would suggest the ASA ... (Firewall-Wizards) Re: [fw-wiz] Question on Cisco ASAs... do all the features slow it down? ... Firewall performance figures from all vendors are highly overrated on the datasheets. ... Firewall throughput Up to 300 Mbps ... I think the ASA is a huge leap from the PIX and would suggest the ASA ... (Firewall-Wizards) Re: Impossible numbers with Performance Monitor ... >>I'm trying to monitor the bandwith I'm using, ... > Mbps) running at ... >>The counters indicate a maximum throughput of 439,936 ... (microsoft.public.windowsxp.perform_maintain)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2007-11