Re: Reg: ASA Limitations

Janardhan Meesala · ‎07-27-2011

Dear Experts!!!!!

Below i am mentioning some limitations of ASA Firewall.

Does not support Policy based routing.
Does not support two default routes in the routing table.
Does not HTTPS filtering with CSC module if client using internet explorer 8 or earlier versions of Internet explorer. HTTPS filtering will support only in IE 9 and other browsers like Firefox. So users compulsory needs to use windows vista or windows 7 if they want use internet explorer.
HTTPS redirecting. If my client use " onlinesbi.com" it is not redirecting as https url.
Does not support ISP load balancing.
If we use CSC module, users are getting too much delay when they want to open the sites.

Please confirm me all above points are correct or not???

Requesting you to please tell me other limitations of ASA also.

Regards,

Janardhan

Adam Makovecz · ‎07-27-2011

Hi,

1. correct

2. correct

3. not sure about that, but I can imagine and may be it depends on the version of CSC module

4. needs to troubleshoot, please open a case for that

5. correct

6. it is possible, depends on the traffic load. Please note that CSC need to look into every packet, so it takes time.

If you interested in the limitations please read the Release notes:

http://www.cisco.com/en/US/products/ps6120/tsd_products_support_general_information.html

Jon Marshall · ‎07-27-2011

Adam

Just to clarify (for me), i thought the ASA did support multiple default-routes as long as they pointed out of the same interface ?

*** Edit - also do you know of any plans to include PBR in the ASA ? It comes up so often in these forums and would be a very useful addition to the ASA functionality.

Jon