Solved: A little background on pix, VPN concentrator,ASA

sarahr202 · ‎06-12-2013

Hi everybody

I am just trying to understand how Cisco's security products evolved so I can better understand them

These are some questions I have:

1) Before PIX came along, what Cisco product we used and what security features we could implement with that particular product?

2) What are the some shortcomings of the Cisco product above( refer to 1 above) that we came up with PIX?

3) What came next after pix? ASA or VPN concentrator?

4) Assuming it is VPN concentrator, why did we came up with VPN concentrator? What functions a VPN concentrator can perform which PIX can't ?

5) Why did we came up with ASA and what functions an ASA can perform that a VPN concentrator can't?

6) ASA stands for adaptive security appliance. Why do we use the word " APPLIANCE" here?

You guys have a great day.

Karsten Iwen · ‎06-12-2013

So you are interested in a history-lesson ... ;-)

Both the PIX and the VPN-concentrator were brought into the Cisco portfolio through aquisitions.The PIX was build by a company named "Notwork Translator", the VPN3000 was build by "Altiga". To complement that, there was also the "Wheel Group" that build the Intrusion-Detection System that is now the Cisco IPS.

PIX was an enterprise-grade firewall, while the VPN VPN Concentrator was a pure VPN device. Very often both devices were used together because the concentrator was not able to do firewalling, and the PIX had no really good remote-access VPN-capability.

The ASA is the successor that inherrited the firewalling from the PIX and the VPN from the concentrator. Now one device could be used instead of using two to achieve the same functionality. Additionally, the IDS/IPS could be integrated as a module where in the time bofore the ASA was used, that was also a dedicated device. Probably Cisco was also thinking that it's time to bring a new device instead of new generations of PIX and VPN concentrator.

And it is named Appliance because the initial version was only available as a box with the ASA-software on it and was nothing that was installed on a server for example.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

Karsten Iwen · ‎06-12-2013

About the Appliance: That's a device where the software you want to use (the firewall in this case) is bundled with the operating system and that's all what is running on the hardware. The benefit is that you don't have to care about operating-system updates. For example the ASA is based on Linux since some time. But you never have to take care of updating the OS as that is done by updating the ASA. Now we often have virtual appliances where the same thing runs virtualized on a hypervisor like VMware. With that you can run more then one function on one one piece of hardware.

In contrast to that, Cisco once had a firewall-software that was installed on Windows NT but I forgot the name of the software. There the firewall was just an application on a Windows-server.

Good luck with finding the right job as a network-engineer.

Sent from Cisco Technical Support iPad App

View solution in original post

Karsten Iwen · ‎06-12-2013

So you are interested in a history-lesson ... ;-)

Both the PIX and the VPN-concentrator were brought into the Cisco portfolio through aquisitions.The PIX was build by a company named "Notwork Translator", the VPN3000 was build by "Altiga". To complement that, there was also the "Wheel Group" that build the Intrusion-Detection System that is now the Cisco IPS.

PIX was an enterprise-grade firewall, while the VPN VPN Concentrator was a pure VPN device. Very often both devices were used together because the concentrator was not able to do firewalling, and the PIX had no really good remote-access VPN-capability.

The ASA is the successor that inherrited the firewalling from the PIX and the VPN from the concentrator. Now one device could be used instead of using two to achieve the same functionality. Additionally, the IDS/IPS could be integrated as a module where in the time bofore the ASA was used, that was also a dedicated device. Probably Cisco was also thinking that it's time to bring a new device instead of new generations of PIX and VPN concentrator.

And it is named Appliance because the initial version was only available as a box with the ASA-software on it and was nothing that was installed on a server for example.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

sarahr202 · ‎06-12-2013

Hi Karsten

thanks for your response. It is awesome. But,I being an ESL person, did not understand the following:

And it is named Appliance because the initial version was only available as a box with the ASA-software on it and was nothing that was installed on a server for example

I understood ASA was a box with ASA-software. After that, I am lost.

What about now ? Does ASA still use same ASA-software?

Thanks and have a great day.

I will definitely lend money to working poor once i get a job as network engineer. In the meantime, I am the working poor. :-)

Karsten Iwen · ‎06-12-2013

About the Appliance: That's a device where the software you want to use (the firewall in this case) is bundled with the operating system and that's all what is running on the hardware. The benefit is that you don't have to care about operating-system updates. For example the ASA is based on Linux since some time. But you never have to take care of updating the OS as that is done by updating the ASA. Now we often have virtual appliances where the same thing runs virtualized on a hypervisor like VMware. With that you can run more then one function on one one piece of hardware.

In contrast to that, Cisco once had a firewall-software that was installed on Windows NT but I forgot the name of the software. There the firewall was just an application on a Windows-server.

Good luck with finding the right job as a network-engineer.

Sent from Cisco Technical Support iPad App