Re: [fw-wiz] Question on Cisco ASA's... do all the features slow it down?



The IPS feature does slow it down. Of course the more you do with the
packets, the slower it will get. I'd still recommend the ASA with the
SSM though. For the 5510, here is the specs:

Feature

Firewall throughput Up to 300 Mbps

Concurrent threat mitigation throughput (firewall + IPS services)
• Up to 150 Mbps with AIP-SSM-10
• Up to 300 Mbps with AIP-SSM-20


VPN throughput Up to 170 Mbps

(see: http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html)


If 150 Mbps is okay, go with the SSM-10. Otherwise, the SSM 20 hardly
slows it down.

I think the ASA is a huge leap from the PIX and would suggest the ASA
over the PIX.



On 12/4/07, John G. <isaac737@xxxxxxxxx> wrote:
hello list,

we are currently running Cisco PIX 515E's with 128 Megs of RAM. the problem
is their CPU's are getting up to high 80% usage. gone through a bunch of
troubleshooting things and i think it is just time to upgrade.

my question is do the IDS/IPS features of the ASA make it kinda slow? i
would hate to have us upgrade to these devices just to find us in the same
spot. what do people think of the ASA's as compared to the vaunted PIX?

we were thinking of getting this model: Cisco ASA5510-SEC-BUN-K9

thanks much,
jg


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Cisco firewall appliance choice
    ... PIX 505 with another Cisco device, for good or evil, which would you ... I'm not all that well versed with the ASA devices and the ... Maximum throughput?63 Mbps with VAC ... Maximum throughput?140 Mbps with VAC+ ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Question on Cisco ASAs... do all the features slow it down?
    ... Firewall performance figures from all vendors are highly overrated on the datasheets. ... Firewall throughput Up to 300 Mbps ... I think the ASA is a huge leap from the PIX and would suggest the ASA ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls
    ... I just spoke with a Cisco sales rep about this. ... > Cisco is marketing the ASA 5500 appliances as PIX, VPN Concentrator, Secure ... > least out of scope features, ...
    (Firewall-Wizards)
  • Re: VPN from my PC to work through ASA
    ... I am trying to connect remotely via VPN to this Cisco Pix, however, I ... think the ASA is not allowing this. ...
    (comp.dcom.sys.cisco)
  • Difference between PIX and ASA
    ... can someone explain me the differnces between a PIX and an ASA, especial a PIX 515E/R and an ASA 5510 plus. ... I have the problem to combine and expand our PIX based network with a watchguard and soho-router based network. ... In the first step i will replace the 2port Watchguard on the other mainoffice with a PIX or ASA with minimal 3 NICs to implement among other things a DMZ, site-to-site VPN and the possibility for the use of the Cisco VPN-Client. ...
    (comp.dcom.sys.cisco)