From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Feb 07 2009 - 09:32:00 ARST
Dear Farrukh,
Cisco ASA does not support PBR or Source Based routing. I am seeing a lot of
people want to do this at the firewall.
Also when there will be a lot of site to site VPNs and remote access VPN
running on the ASA it simply turn down some of the tunnels.
Chris,
I would strongly recommend to look into deeply that what feautres and
functionalities you are using at you Check Point and then confirm it that
ASA do have these features as well.
HTH
2009/2/7 Farrukh Haroon <farrukhharoon@gmail.com>
> who = you :)
>
> On Sat, Feb 7, 2009 at 10:12 AM, Farrukh Haroon <farrukhharoon@gmail.com
> >wrote:
>
> > You can find a side-by-side comparison here:
> >
> > http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
> >
> > All vendors have their particular pros and cons, everybody can't afford a
> > BMW (or a Daewoo for that matter).
> > E.g. with Juniper who have to buy a separate box for SSL VPN etc.
> >
> > Regards
> >
> > Farrukh
> >
> > On Sat, Feb 7, 2009 at 2:42 AM, Christopher Copley <
> > copley.chris@gmail.com> wrote:
> >
> >> Well, my vote was for the Juniper Netscreens, but I got over ruled.
> The
> >> reason we are going from Checkpoint to ASA is really for 2 reasons...
> >> 1. Political
> >> 2. Costs
> >>
> >> My management is die hard Cisco every thing! Plus the way we buy
> >> Checkpoint and do support puts a serious hurt on us. The cost of the
> >> Checkpoint is 7 or 8 times higher than a comp Cisco model. And out
> >> support
> >> cost and times are very poor. With out getting into a very long story,
> it
> >> is a much better deal go Cisco than Checkpoint. Plus it means more
> >> training
> >> for me! And that is never a bad thing!
> >>
> >>
> >> Chris
> >>
> >>
> >> On Fri, Feb 6, 2009 at 6:23 PM, Felix Nkansah <felixnkansah@gmail.com
> >> >wrote:
> >>
> >> > Hi Chris,
> >> > The 5505 uses switched ports instead of the routed ports you would see
> >> in
> >> > the higher models.
> >> >
> >> > One has to use SVIs for L3 stuff on the 5505 therefore (like we do on
> >> the
> >> > FWSM).
> >> >
> >> > The 5505 does not support security contexts and stateful failover
> (even
> >> > though it supports bare active/standby failover).
> >> >
> >> > Get a box with a security plus license anyway if you want to enjoy
> >> enough
> >> > functionalities.
> >> >
> >> > By the way, why are you replacing Checkpoint with Cisco? It's like
> >> > replacing BMWs with Daewoo.
> >> >
> >> > If you have to introduce new firewall/IDS/IPS/UTM stuff in your
> network,
> >> I
> >> > would advise you to go for Juniper products instead.
> >> >
> >> > 2 cents!
> >> >
> >> > Felix
> >> > ccie r&s, security
> >> >
> >> >
> >> >
> >> > On Fri, Feb 6, 2009 at 10:34 PM, Christopher Copley <
> >> > copley.chris@gmail.com> wrote:
> >> >
> >> >> Group,
> >> >>
> >> >> My company is moving away from Checkpoints to ASA's. I have got my
> >> >> management to buy me 2 ASA 5505's for my lab to learn. My question
> >> is,
> >> >> how
> >> >> does the 5505's compare to the 5510 and above? Is there much that I
> >> will
> >> >> not be able to test or practice with the 5505's, or major
> differences?
> >> >>
> >> >>
> >> >> Chris
> >> >>
> >> >>
> >> >> Blogs and organic groups at http://www.ccie.net
> >> >>
> >> >>
> _______________________________________________________________________
> >> >> Subscription information may be found at:
> >> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Muhammad Nasim Network Engineer Saudi ArabiaBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST