From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Feb 07 2009 - 09:56:29 ARST
Hey obviosuly chirs is not going to buy ASA 5505 for his office use. I think
he is buying ASA 5505 for his testing and learning purpose : )
BTW Chris what models of Cisco ASA you people are going for office use.
Thanks
2009/2/7 Farrukh Haroon <farrukhharoon@gmail.com>
> Agreed, it is a feature Cisco should have introduced long ago :)
>
> But will I pay 8 times the cost for a feature that I don't need? Not many
> people use ASA5505s to multi-home.
>
> Regards
>
> Farrukh
>
> On Sat, Feb 7, 2009 at 2:32 PM, Muhammad Nasim <muhammad.nasim@gmail.com>wrote:
>
>> Dear Farrukh,
>> Cisco ASA does not support PBR or Source Based routing. I am seeing a lot
>> of people want to do this at the firewall.
>>
>> Also when there will be a lot of site to site VPNs and remote access VPN
>> running on the ASA it simply turn down some of the tunnels.
>>
>> Chris,
>>
>> I would strongly recommend to look into deeply that what feautres and
>> functionalities you are using at you Check Point and then confirm it that
>> ASA do have these features as well.
>>
>> HTH
>>
>>
>>
>>
>>
>> 2009/2/7 Farrukh Haroon <farrukhharoon@gmail.com>
>>
>> who = you :)
>>>
>>> On Sat, Feb 7, 2009 at 10:12 AM, Farrukh Haroon <farrukhharoon@gmail.com
>>> >wrote:
>>>
>>> > You can find a side-by-side comparison here:
>>> >
>>> > http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
>>> >
>>> > All vendors have their particular pros and cons, everybody can't afford
>>> a
>>> > BMW (or a Daewoo for that matter).
>>> > E.g. with Juniper who have to buy a separate box for SSL VPN etc.
>>> >
>>> > Regards
>>> >
>>> > Farrukh
>>> >
>>> > On Sat, Feb 7, 2009 at 2:42 AM, Christopher Copley <
>>> > copley.chris@gmail.com> wrote:
>>> >
>>> >> Well, my vote was for the Juniper Netscreens, but I got over ruled.
>>> The
>>> >> reason we are going from Checkpoint to ASA is really for 2 reasons...
>>> >> 1. Political
>>> >> 2. Costs
>>> >>
>>> >> My management is die hard Cisco every thing! Plus the way we buy
>>> >> Checkpoint and do support puts a serious hurt on us. The cost of the
>>> >> Checkpoint is 7 or 8 times higher than a comp Cisco model. And out
>>> >> support
>>> >> cost and times are very poor. With out getting into a very long
>>> story, it
>>> >> is a much better deal go Cisco than Checkpoint. Plus it means more
>>> >> training
>>> >> for me! And that is never a bad thing!
>>> >>
>>> >>
>>> >> Chris
>>> >>
>>> >>
>>> >> On Fri, Feb 6, 2009 at 6:23 PM, Felix Nkansah <felixnkansah@gmail.com
>>> >> >wrote:
>>> >>
>>> >> > Hi Chris,
>>> >> > The 5505 uses switched ports instead of the routed ports you would
>>> see
>>> >> in
>>> >> > the higher models.
>>> >> >
>>> >> > One has to use SVIs for L3 stuff on the 5505 therefore (like we do
>>> on
>>> >> the
>>> >> > FWSM).
>>> >> >
>>> >> > The 5505 does not support security contexts and stateful failover
>>> (even
>>> >> > though it supports bare active/standby failover).
>>> >> >
>>> >> > Get a box with a security plus license anyway if you want to enjoy
>>> >> enough
>>> >> > functionalities.
>>> >> >
>>> >> > By the way, why are you replacing Checkpoint with Cisco? It's like
>>> >> > replacing BMWs with Daewoo.
>>> >> >
>>> >> > If you have to introduce new firewall/IDS/IPS/UTM stuff in your
>>> network,
>>> >> I
>>> >> > would advise you to go for Juniper products instead.
>>> >> >
>>> >> > 2 cents!
>>> >> >
>>> >> > Felix
>>> >> > ccie r&s, security
>>> >> >
>>> >> >
>>> >> >
>>> >> > On Fri, Feb 6, 2009 at 10:34 PM, Christopher Copley <
>>> >> > copley.chris@gmail.com> wrote:
>>> >> >
>>> >> >> Group,
>>> >> >>
>>> >> >> My company is moving away from Checkpoints to ASA's. I have got
>>> my
>>> >> >> management to buy me 2 ASA 5505's for my lab to learn. My
>>> question
>>> >> is,
>>> >> >> how
>>> >> >> does the 5505's compare to the 5510 and above? Is there much that
>>> I
>>> >> will
>>> >> >> not be able to test or practice with the 5505's, or major
>>> differences?
>>> >> >>
>>> >> >>
>>> >> >> Chris
>>> >> >>
>>> >> >>
>>> >> >> Blogs and organic groups at http://www.ccie.net
>>> >> >>
>>> >> >>
>>> _______________________________________________________________________
>>> >> >> Subscription information may be found at:
>>> >> >> http://www.groupstudy.com/list/CCIELab.html
>>> >>
>>> >>
>>> >> Blogs and organic groups at http://www.ccie.net
>>> >>
>>> >>
>>> _______________________________________________________________________
>>> >> Subscription information may be found at:
>>> >> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Muhammad Nasim
>> Network Engineer
>> Saudi Arabia
>>
>
>
-- Muhammad Nasim Network Engineer Saudi ArabiaBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST