From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Sat Feb 07 2009 - 09:50:37 ARST
Agreed, it is a feature Cisco should have introduced long ago :)
But will I pay 8 times the cost for a feature that I don't need? Not many
people use ASA5505s to multi-home.
Regards
Farrukh
On Sat, Feb 7, 2009 at 2:32 PM, Muhammad Nasim <muhammad.nasim@gmail.com>wrote:
> Dear Farrukh,
> Cisco ASA does not support PBR or Source Based routing. I am seeing a lot
> of people want to do this at the firewall.
>
> Also when there will be a lot of site to site VPNs and remote access VPN
> running on the ASA it simply turn down some of the tunnels.
>
> Chris,
>
> I would strongly recommend to look into deeply that what feautres and
> functionalities you are using at you Check Point and then confirm it that
> ASA do have these features as well.
>
> HTH
>
>
>
>
>
> 2009/2/7 Farrukh Haroon <farrukhharoon@gmail.com>
>
> who = you :)
>>
>> On Sat, Feb 7, 2009 at 10:12 AM, Farrukh Haroon <farrukhharoon@gmail.com
>> >wrote:
>>
>> > You can find a side-by-side comparison here:
>> >
>> > http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
>> >
>> > All vendors have their particular pros and cons, everybody can't afford
>> a
>> > BMW (or a Daewoo for that matter).
>> > E.g. with Juniper who have to buy a separate box for SSL VPN etc.
>> >
>> > Regards
>> >
>> > Farrukh
>> >
>> > On Sat, Feb 7, 2009 at 2:42 AM, Christopher Copley <
>> > copley.chris@gmail.com> wrote:
>> >
>> >> Well, my vote was for the Juniper Netscreens, but I got over ruled.
>> The
>> >> reason we are going from Checkpoint to ASA is really for 2 reasons...
>> >> 1. Political
>> >> 2. Costs
>> >>
>> >> My management is die hard Cisco every thing! Plus the way we buy
>> >> Checkpoint and do support puts a serious hurt on us. The cost of the
>> >> Checkpoint is 7 or 8 times higher than a comp Cisco model. And out
>> >> support
>> >> cost and times are very poor. With out getting into a very long story,
>> it
>> >> is a much better deal go Cisco than Checkpoint. Plus it means more
>> >> training
>> >> for me! And that is never a bad thing!
>> >>
>> >>
>> >> Chris
>> >>
>> >>
>> >> On Fri, Feb 6, 2009 at 6:23 PM, Felix Nkansah <felixnkansah@gmail.com
>> >> >wrote:
>> >>
>> >> > Hi Chris,
>> >> > The 5505 uses switched ports instead of the routed ports you would
>> see
>> >> in
>> >> > the higher models.
>> >> >
>> >> > One has to use SVIs for L3 stuff on the 5505 therefore (like we do on
>> >> the
>> >> > FWSM).
>> >> >
>> >> > The 5505 does not support security contexts and stateful failover
>> (even
>> >> > though it supports bare active/standby failover).
>> >> >
>> >> > Get a box with a security plus license anyway if you want to enjoy
>> >> enough
>> >> > functionalities.
>> >> >
>> >> > By the way, why are you replacing Checkpoint with Cisco? It's like
>> >> > replacing BMWs with Daewoo.
>> >> >
>> >> > If you have to introduce new firewall/IDS/IPS/UTM stuff in your
>> network,
>> >> I
>> >> > would advise you to go for Juniper products instead.
>> >> >
>> >> > 2 cents!
>> >> >
>> >> > Felix
>> >> > ccie r&s, security
>> >> >
>> >> >
>> >> >
>> >> > On Fri, Feb 6, 2009 at 10:34 PM, Christopher Copley <
>> >> > copley.chris@gmail.com> wrote:
>> >> >
>> >> >> Group,
>> >> >>
>> >> >> My company is moving away from Checkpoints to ASA's. I have got my
>> >> >> management to buy me 2 ASA 5505's for my lab to learn. My question
>> >> is,
>> >> >> how
>> >> >> does the 5505's compare to the 5510 and above? Is there much that
>> I
>> >> will
>> >> >> not be able to test or practice with the 5505's, or major
>> differences?
>> >> >>
>> >> >>
>> >> >> Chris
>> >> >>
>> >> >>
>> >> >> Blogs and organic groups at http://www.ccie.net
>> >> >>
>> >> >>
>> _______________________________________________________________________
>> >> >> Subscription information may be found at:
>> >> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST