01-09-2010 11:39 AM - edited 03-11-2019 09:55 AM
Hello friends,
I have little knowledge of security devices, so could someone please clarify:
1). What are the main differences in configurable options between the Concentrator, ASA and Cisco IOS firewall?
2). Why use a Concentrator when we can actually configure and terminate VPNs on a firewall?
3). If we can configure a Cisco router to act as a Cisco IOS firewall, then why use a firewall?
Thanks,
Hemant
01-09-2010 01:25 PM
sharma16031981 wrote:
Hello friends,
I have little knowledge of security devices, so could someone please clarify:
1). What are the main differences in configurable options between the Concentrator, ASA and Cisco IOS firewall?
2). Why use a Concentrator when we can actually configure and terminate VPNs on a firewall?
3). If we can configure a Cisco router to act as a Cisco IOS firewall, then why use a firewall?
Thanks,
Hemant
Hemant
1) Concentrator = VPN only
ASA = firewall/VPN/IDS,IPS
IOS router = all the above + a lot of other functions
2) The Concentrator used to be a nice and easy dedicated piece of kit to configure, with a good web interface. However, I think nowadays most people would go for an ASA to terminate VPNs rather than a concentrator.
3) Well, a router can do a lot of things. It can be a firewall, a VPN terminator etc., and if you were looking to run DMVPN, for instance, where you wanted a dynamic routing protocol, then it would be the choice to make. In fact, there are people who argue why buy anything but a router for this sort of thing, but personally I think ASA devices have their place. For a start, they are designed to be firewalls whereas routers are not - CBAC on IOS routers is an additional feature and it can hit the CPU quite hard. In addition, routers by definition support a lot more features, hence have more code, hence have more bugs.
If you want to firewall then I would say go with the ASA, not a router, unless
a) you can't afford separate devices in which case you may want to combine functionality into a router
or
b) you need additional features that a router supplies that a firewall can't, i.e. PBR would be a good example. Additional here meaning you want a firewall with PBR on one device, which would mean a router.
There is an increasing amount of overlap in devices and what they will do, and you can often combine certain functions into one device, but still it's fair to say a router's primary function is to route traffic from A -> B and a firewall's primary function is to allow/restrict traffic from A -> B. Trying to use one to do the other is acceptable but you need to know what you are doing. As an example, search on this site for "ASA PBR" and you'll see what I mean, i.e. people want to policy route traffic but they only have an ASA and so simply can't.
Jon
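Case (b) in the reply above, a stateful firewall plus PBR on a single IOS router, sketched as an added example that is not part of the original post. It uses classic CBAC (`ip inspect`) and a route-map; all interface names, addresses and list names are constructed placeholders.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
!
! CBAC inspection rule: track outbound sessions so return traffic is
! permitted dynamically through the inbound deny on the outside interfaces.
ip inspect name FW-OUT tcp
ip inspect name FW-OUT udp
ip inspect name FW-OUT icmp
!
! Outside-in policy: nothing unsolicited is allowed in; denied packets are logged.
ip access-list extended OUTSIDE-IN
 deny   ip any any log
!
! Traffic selected for policy routing: web traffic from the inside LAN.
ip access-list extended PBR-MATCH
 permit tcp 192.168.10.0 0.0.0.255 any eq www
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
!
! PBR: send matched traffic to the second ISP instead of the routed default.
route-map PBR-WEB permit 10
 match ip address PBR-MATCH
 set ip next-hop 203.0.113.2
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map PBR-WEB
!
interface GigabitEthernet0/1
 description Outside - ISP A (default route)
 ip address 198.51.100.2 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect FW-OUT out
!
interface GigabitEthernet0/2
 description Outside - ISP B (policy-routed web traffic)
 ip address 203.0.113.1 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip inspect FW-OUT out
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

Inspection and the inbound ACL must be applied on every outside interface that policy-routed traffic can leave through; otherwise return traffic on that path is either dropped or unfiltered.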