Re: OT: ASA 5505

From: Radioactive Frog (pbhatkoti@gmail.com)
Date: Sat Feb 07 2009 - 11:02:40 ARST


Guys, don't forget that it will be a good idea of ASA or any firewall to do
PBR. That should be a router's function.

People do overcomplicate! Here is the example.

On Sat, Feb 7, 2009 at 10:50 PM, Farrukh Haroon <farrukhharoon@gmail.com> wrote:

> Agreed, it is a feature Cisco should have introduced long ago :)
>
> But will I pay 8 times the cost for a feature that I don't need? Not many
> people use ASA5505s to multi-home.
>
> Regards
>
> Farrukh
>
> On Sat, Feb 7, 2009 at 2:32 PM, Muhammad Nasim <muhammad.nasim@gmail.com> wrote:
>
> > Dear Farrukh,
> > Cisco ASA does not support PBR or Source Based routing. I am seeing a lot
> > of people want to do this at the firewall.
> >
> > Also when there will be a lot of site to site VPNs and remote access VPN
> > running on the ASA it simply turns down some of the tunnels.
> >
> > Chris,
> >
> > I would strongly recommend to look into deeply that what features and
> > functionalities you are using at your Check Point and then confirm it that
> > ASA do have these features as well.
> >
> > HTH
> >
> >
> >
> >
> >
> > 2009/2/7 Farrukh Haroon <farrukhharoon@gmail.com>
> >
> >> who = you :)
> >>
> >> On Sat, Feb 7, 2009 at 10:12 AM, Farrukh Haroon <farrukhharoon@gmail.com> wrote:
> >>
> >> > You can find a side-by-side comparison here:
> >> >
> >> >
> >> > http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
> >> >
> >> > All vendors have their particular pros and cons, everybody can't afford a
> >> > BMW (or a Daewoo for that matter).
> >> > E.g. with Juniper who have to buy a separate box for SSL VPN etc.
> >> >
> >> > Regards
> >> >
> >> > Farrukh
> >> >
> >> > On Sat, Feb 7, 2009 at 2:42 AM, Christopher Copley <
> >> > copley.chris@gmail.com> wrote:
> >> >
> >> >> Well, my vote was for the Juniper Netscreens, but I got overruled. The
> >> >> reason we are going from Checkpoint to ASA is really for 2 reasons...
> >> >> 1. Political
> >> >> 2. Costs
> >> >>
> >> >> My management is die hard Cisco everything! Plus the way we buy
> >> >> Checkpoint and do support puts a serious hurt on us. The cost of the
> >> >> Checkpoint is 7 or 8 times higher than a comp Cisco model. And our support
> >> >> cost and times are very poor. Without getting into a very long story, it
> >> >> is a much better deal go Cisco than Checkpoint. Plus it means more training
> >> >> for me! And that is never a bad thing!
> >> >>
> >> >>
> >> >> Chris
> >> >>
> >> >>
> >> >> On Fri, Feb 6, 2009 at 6:23 PM, Felix Nkansah <felixnkansah@gmail.com> wrote:
> >> >>
> >> >> > Hi Chris,
> >> >> > The 5505 uses switched ports instead of the routed ports you would see in
> >> >> > the higher models.
> >> >> >
> >> >> > One has to use SVIs for L3 stuff on the 5505 therefore (like we do on the
> >> >> > FWSM).
> >> >> >
> >> >> > The 5505 does not support security contexts and stateful failover (even
> >> >> > though it supports bare active/standby failover).
> >> >> >
> >> >> > Get a box with a security plus license anyway if you want to enjoy enough
> >> >> > functionalities.
> >> >> >
> >> >> > By the way, why are you replacing Checkpoint with Cisco? It's like
> >> >> > replacing BMWs with Daewoo.
> >> >> >
> >> >> > If you have to introduce new firewall/IDS/IPS/UTM stuff in your network, I
> >> >> > would advise you to go for Juniper products instead.
> >> >> >
> >> >> > 2 cents!
> >> >> >
> >> >> > Felix
> >> >> > ccie r&s, security
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Fri, Feb 6, 2009 at 10:34 PM, Christopher Copley <
> >> >> > copley.chris@gmail.com> wrote:
> >> >> >
> >> >> >> Group,
> >> >> >>
> >> >> >> My company is moving away from Checkpoints to ASA's. I have got my
> >> >> >> management to buy me 2 ASA 5505's for my lab to learn. My question is, how
> >> >> >> does the 5505's compare to the 5510 and above? Is there much that I will
> >> >> >> not be able to test or practice with the 5505's, or major differences?
> >> >> >>
> >> >> >>
> >> >> >> Chris
> >> >> >>
> >> >> >>
> >> >> >> Blogs and organic groups at http://www.ccie.net
> >> >> >>
> >> >> >>
> >> >> >> _______________________________________________________________________
> >> >> >> Subscription information may be found at:
> >> >> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > --
> > Muhammad Nasim
> > Network Engineer
> > Saudi Arabia
>
>



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST